
Internet stopped working after removing malware

Discussion in 'Virus & Other Malware Removal' started by lwang4091, Jan 9, 2015.

Thread Status:
Not open for further replies.
  1. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi everyone,

    I installed the malware Vosteran search somehow. I use Chrome as browser for both my work computer and personal computer. I first spotted the malware at work as it showed up in Chrome, so I downloaded Adwcleaner and removed all the infected files. Restarted and it appeared OK.

    Then later that day I found the same problem in Chrome on my personal computer at home (I always signed in for Google so all info in Chrome was shared). So I did the same thing, used Adwcleaner, removed malware and restarted. Only this time, after restarting, my internet won't work, I couldn't browse internet (not IE either), cannot get on Hangout in Chrome. But wifi showed it was connected perfectly.

    IE gave me a detailed error message saying one or more internet protocols may be missing.

    The next day I went to work and my work computer had no problem at all. I could get on internet as usual.

    I tried the ipconfig\all and it didn't work. Tried ping test and no response. Finally I tried restoring system and it was not successful due to that "C drive might be corrupted". My work computer is Windows 7 and my personal computer is Windows 8.1.

    Could someone help me with this issue? Thank you so so so much!!!
     
  2. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Please post the content of the C:\AdwCleaner[S?].txt logfile in your next reply. If you have more than one file, post them all.

    Next

    TSG - SysInfo utility
    • Right mouse click on this link: SysInfo utility
    • Select from the pop up box:
      "Save link as..."
    • From the left panel of the pop up box, scroll up and select desktop.
    • Click the "Save" button.
    From your desktop:
    • Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
    • Right click, select copy and then paste in your next post.
     
  3. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi, thanks for your reply. Please see below for system information:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz, Intel64 Family 6 Model 69 Stepping 1
    Processor Count: 4
    RAM: 3979 Mb
    Graphics Card: Intel(R) HD Graphics Family, -2042 Mb
    Hard Drives: C: Total - 454870 MB, Free - 370066 MB;
    Motherboard: ASUSTeK COMPUTER INC., UX302LA
    Antivirus: Windows Defender, Disabled


    Also, I had 6 Adwcleaner reports, please see below:

    Report 1:
    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.hao123.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
    Key Found : [x64] HKCU\Software\1ClickDownload
    Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - www.hao123.com/?tn=97023167_hao_pg

    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=

    *************************

    AdwCleaner[R0].txt - [3948 octets] - [08/01/2015 20:03:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4008 octets] ##########

    Report 2:

    # AdwCleaner v4.107 - Report created 08/01/2015 at 20:10:15
    # Updated 07/01/2015 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Lin - LIN
    # Running from : C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4096 octets] - [08/01/2015 20:03:02]
    AdwCleaner[R1].txt - [1937 octets] - [08/01/2015 20:10:15]
    AdwCleaner[S0].txt - [4235 octets] - [08/01/2015 20:05:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2057 octets] ##########

    Report 3:

    # AdwCleaner v4.107 - Report created 11/01/2015 at 19:28:16
    # Updated 07/01/2015 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Lin - LIN
    # Running from : C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4096 octets] - [08/01/2015 20:03:02]
    AdwCleaner[R1].txt - [2137 octets] - [08/01/2015 20:10:15]
    AdwCleaner[R2].txt - [1997 octets] - [11/01/2015 19:28:16]
    AdwCleaner[S0].txt - [4235 octets] - [08/01/2015 20:05:58]
    AdwCleaner[S1].txt - [2206 octets] - [08/01/2015 20:11:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2177 octets] ##########

    Report 4:

    # AdwCleaner v4.107 - Report created 08/01/2015 at 20:05:58
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Lin - LIN
    # Running from : C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\baidu
    Folder Deleted : C:\Program Files (x86)\TornTV.com
    Folder Deleted : C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
    Folder Deleted : C:\Users\Public\Device
    File Deleted : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.hao123.com

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=

    *************************

    AdwCleaner[R0].txt - [4096 octets] - [08/01/2015 20:03:02]
    AdwCleaner[S0].txt - [4091 octets] - [08/01/2015 20:05:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4151 octets] ##########

    Report 5:

    # AdwCleaner v4.107 - Report created 08/01/2015 at 20:11:37
    # Updated 07/01/2015 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Lin - LIN
    # Running from : C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4096 octets] - [08/01/2015 20:03:02]
    AdwCleaner[R1].txt - [2137 octets] - [08/01/2015 20:10:15]
    AdwCleaner[S0].txt - [4235 octets] - [08/01/2015 20:05:58]
    AdwCleaner[S1].txt - [2066 octets] - [08/01/2015 20:11:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2126 octets] ##########

    Report 6:

    # AdwCleaner v4.107 - Report created 11/01/2015 at 19:30:05
    # Updated 07/01/2015 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Lin - LIN
    # Running from : C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir=
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4096 octets] - [08/01/2015 20:03:02]
    AdwCleaner[R1].txt - [2137 octets] - [08/01/2015 20:10:15]
    AdwCleaner[R2].txt - [2257 octets] - [11/01/2015 19:28:16]
    AdwCleaner[S0].txt - [4235 octets] - [08/01/2015 20:05:58]
    AdwCleaner[S1].txt - [2206 octets] - [08/01/2015 20:11:37]
    AdwCleaner[S2].txt - [2186 octets] - [11/01/2015 19:30:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2246 octets] ##########
     
  4. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi lwang4091

    Do you have a different anti-virus other than Windows Defender? It seems to be disabled.
    Please run FRST after answering my question.

    FRST - Farbar Recovery Scanner Tool for Vista-W7

    Please download FRST64.exe ... by Farbar. Save it to your desktop.

    1. Right click on FRST64.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens, click Yes to the disclaimer.
    2. Press the Scan button. ... A log, FRST.txt, will be created in the same directory the tool is run from.
    3. Please copy/paste FRST.txt into your reply.
      The first time the tool is run, it also makes another log... Addition.txt.
    4. Please copy/paste Addition.txt in your reply.
     
  5. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi, I am not aware of any other antivirus that I am using.

    Please see below the 2 reports:

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
    Ran by Lin (administrator) on LIN on 13-01-2015 21:09:23
    Running from C:\Users\Lin\Desktop
    Loaded Profile: Lin (Available profiles: Lin & Administrator)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Sogou.com Inc) C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lingoes Project) C:\Users\Lin\AppData\Local\Lingoes\Translator\lingoes-cn\Lingoes.exe
    (Google Inc.) C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    (Spotify Ltd) C:\Users\Lin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Spotify Ltd) C:\Users\Lin\AppData\Roaming\Spotify\spotify.exe
    (Sogou.com Inc.) C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
    (Facebook Inc.) C:\Users\Lin\AppData\Local\Facebook\Update\FacebookUpdate.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-07-10] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Lingoes] => C:\Users\Lin\AppData\Local\Lingoes\Translator\lingoes-cn\Lingoes.exe [2506752 2013-03-29] (Lingoes Project)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Google Update] => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-30] (Google Inc.)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Spotify Web Helper] => C:\Users\Lin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Spotify] => C:\Users\Lin\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-08] (Spotify Ltd)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [ImeGuardCom] => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe [368760 2014-06-29] (Sogou.com Inc.)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Facebook Update] => C:\Users\Lin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-03] (Facebook Inc.)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\MountPoints2: {0504afa2-8013-11e4-bf26-5c514f2ab538} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\MountPoints2: {0504b211-8013-11e4-bf26-5c514f2ab538} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\MountPoints2: {90c0d30e-c03d-11e3-be95-5c514f2ab538} - "D:\HTC_Sync_Manager_PC.exe"
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=33059180_cb&ch=33
    BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    BHO-x32: 搜狗输入法地址栏搜索 -> {0C3ED74B-8703-4003-A1F4-2B2A0C450DD2} -> C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddr.dll (Sogou.com Inc.)
    BHO-x32: A631CCC7-46D9-E8DA-16DC-AF3C379936A4 Class -> {A631CCC7-46D9-E8DA-16DC-AF3C379936A4} -> C:\Program Files (x86)\QvodPlayer\AddIn\{A631CCC7-46D9-E8DA-16DC-AF3C379936A4}\QvodAddr.dll No File
    BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
    BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
    BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Lin\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
    FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
    FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
    FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
    FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
    FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Lin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @talk.google.com/O1DPlugin -> C:\Users\Lin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Users\Lin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Lin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://mykcurve.pwcinternal.com/wps/myportal/us-staff
    CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Duolingo Web) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-02-24]
    CHR Extension: (Google Docs) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
    CHR Extension: (Google Drive) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
    CHR Extension: (YouTube) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
    CHR Extension: (Google Cast) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-15]
    CHR Extension: (Google Search) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
    CHR Extension: (Hangouts) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-28]
    CHR Extension: (Attack on Titan - Colossal vs Mikasa) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmhloiikhiehioeddmiikmpkbjmmemo [2014-12-11]
    CHR Extension: (Google Wallet) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
    CHR Extension: (My Chrome Theme) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-12-17]
    CHR Extension: (Unblock Youku) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-03-18]
    CHR Extension: (Gmail) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
    R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
    R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-15] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-05-30] ()
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
    R2 OmniAddrService; C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe [154352 2014-07-10] (Sogou.com Inc)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmPeStor; C:\Windows\system32\drivers\AmPeStor.sys [145176 2013-08-07] (Alcor Micro, Corp.)
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-08-08] (ASUS Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-08-01] (Motorola Solutions, Inc.)
    R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
    R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
    R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
    S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [113096 2013-08-06] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-05-30] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-05-30] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-05-30] ()
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3647968 2013-08-15] (Intel Corporation)
    S3 OCUSBVID; C:\Windows\system32\DRIVERS\OCUSBVID.sys [45488 2014-07-22] (Oculus VR)
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-12] ()
    S1 MpKsl590b070f; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7571E32-24EC-4400-A9BA-2D88A85254D2}\MpKsl590b070f.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-13 21:09 - 2015-01-13 21:09 - 00023181 _____ () C:\Users\Lin\Desktop\FRST.txt
    2015-01-13 21:06 - 2015-01-13 21:09 - 00000000 ____D () C:\FRST
    2015-01-13 21:06 - 2015-01-13 09:44 - 02124288 _____ (Farbar) C:\Users\Lin\Desktop\FRST64.exe
    2015-01-12 21:30 - 2015-01-11 18:30 - 00415232 _____ (Farbar) C:\Users\Lin\Desktop\FSS.exe
    2015-01-12 21:16 - 2015-01-12 21:16 - 00002203 _____ () C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-01-12 21:14 - 2015-01-12 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2015-01-12 21:12 - 2015-01-12 21:12 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2015-01-11 19:31 - 2015-01-12 21:14 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
    2015-01-08 20:49 - 2015-01-08 20:49 - 00287336 _____ () C:\WINDOWS\Minidump\010815-21015-01.dmp
    2015-01-08 20:17 - 2015-01-08 20:17 - 00000260 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{38460CE3-F779-40F7-A0A8-066FCFBFA2F6}.job
    2015-01-08 20:02 - 2015-01-11 19:30 - 00000000 ____D () C:\AdwCleaner
    2015-01-08 20:02 - 2015-01-08 20:02 - 02191360 _____ () C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    2015-01-08 01:53 - 2015-01-08 01:53 - 00290400 _____ () C:\WINDOWS\Minidump\010815-18234-01.dmp
    2015-01-07 00:55 - 2015-01-07 00:55 - 00290344 _____ () C:\WINDOWS\Minidump\010715-21593-01.dmp
    2015-01-03 02:10 - 2015-01-03 02:11 - 00290344 _____ () C:\WINDOWS\Minidump\010315-26453-01.dmp
    2015-01-02 01:47 - 2015-01-06 01:58 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\vlc
    2015-01-02 01:47 - 2015-01-02 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-01-02 01:46 - 2015-01-02 01:46 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-01-02 01:44 - 2015-01-02 01:44 - 24743106 _____ () C:\Users\Lin\Downloads\vlc-2.1.5-win32.exe
    2015-01-02 00:09 - 2015-01-02 00:10 - 00060268 _____ () C:\Users\Lin\Downloads\[TVB&#36830;&#32493;&#21095;][95&#31070;&#38613;&#20384;&#20387;][32&#20840;&#38598;][&#22269;&#31908;&#21452;&#35821;&#20013;&#23383;][DVD-MKV][&#39640;&#28165;&#29256;].torrent
    2014-12-28 19:46 - 2014-12-28 19:46 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2014-12-26 13:44 - 2014-12-26 13:44 - 00290288 _____ () C:\WINDOWS\Minidump\122614-33546-01.dmp
    2014-12-20 19:35 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2014-12-20 19:35 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2014-12-18 00:54 - 2014-12-18 00:54 - 00290400 _____ () C:\WINDOWS\Minidump\121814-22468-01.dmp
    2014-12-16 01:36 - 2014-12-16 01:36 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2014-12-14 21:23 - 2014-12-14 21:23 - 00290400 _____ () C:\WINDOWS\Minidump\121414-20609-01.dmp
    2014-12-14 17:56 - 2014-12-14 17:57 - 92180986 _____ (Google Inc.) C:\Users\Lin\Downloads\installer_r24.0.1-windows.exe
    2014-12-14 17:48 - 2014-12-14 17:49 - 00290096 _____ () C:\WINDOWS\Minidump\121414-133156-01.dmp
    2014-12-14 17:18 - 2014-12-14 17:18 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\HTC
    2014-12-14 16:53 - 2015-01-12 21:26 - 00000000 ____D () C:\Users\Lin\AppData\Local\HTC MediaHub
    2014-12-14 16:53 - 2014-12-14 17:18 - 00000000 ____D () C:\Users\Lin\Documents\HTC
    2014-12-14 16:53 - 2014-12-14 16:53 - 00002049 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
    2014-12-14 16:53 - 2014-12-14 16:53 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\Apple Computer
    2014-12-14 16:53 - 2014-12-14 16:53 - 00000000 ____D () C:\Users\Lin\AppData\Local\Apple Computer
    2014-12-14 16:52 - 2014-12-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
    2014-12-14 16:51 - 2014-12-14 16:51 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
    2014-12-14 16:44 - 2014-12-14 16:44 - 00000000 ____D () C:\Users\Lin\AppData\Local\Downloaded Installations
    2014-12-14 16:42 - 2014-12-14 16:52 - 00000000 ____D () C:\Program Files (x86)\HTC
    2014-12-14 16:41 - 2014-12-14 16:42 - 00000000 ____D () C:\Temp
    2014-12-14 16:41 - 2014-12-14 16:41 - 00000000 ____D () C:\ProgramData\HTC
    2014-12-14 16:40 - 2014-12-14 16:40 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
    2014-12-14 16:37 - 2014-12-14 16:37 - 00000000 ____D () C:\Users\Lin\Downloads\WinDroid Universal Android Toolkit v2.0
    2014-12-14 16:36 - 2014-12-14 16:36 - 02033218 _____ () C:\Users\Lin\Downloads\WinDroid Universal Android Toolkit v2.0.zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-13 21:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-13 21:06 - 2014-06-11 20:32 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\Spotify
    2015-01-13 21:06 - 2014-03-20 22:23 - 00000000 __RDO () C:\Users\Lin\SkyDrive
    2015-01-13 21:05 - 2014-03-12 22:26 - 01230358 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-12 21:31 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-01-12 21:29 - 2013-08-22 09:46 - 00341689 _____ () C:\WINDOWS\setupact.log
    2015-01-12 21:14 - 2013-11-14 02:20 - 00076980 _____ () C:\WINDOWS\PFRO.log
    2015-01-12 21:14 - 2013-10-28 19:28 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
    2015-01-12 21:14 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-12 21:14 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-01-11 19:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-01-08 20:49 - 2014-03-16 15:13 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-08 20:49 - 2014-02-27 00:42 - 748205516 _____ () C:\WINDOWS\MEMORY.DMP
    2015-01-08 20:43 - 2014-03-12 22:16 - 00000000 ____D () C:\Users\Lin
    2015-01-08 20:42 - 2014-03-12 22:16 - 00000000 ____D () C:\Users\Administrator
    2015-01-08 20:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
    2015-01-08 20:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-01-08 20:06 - 2014-02-24 21:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3651937335-3126230459-2475322002-1001
    2015-01-08 20:06 - 2013-07-10 21:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-08 20:03 - 2014-06-22 17:14 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38460CE3-F779-40F7-A0A8-066FCFBFA2F6}
    2015-01-08 20:03 - 2013-10-28 19:22 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2015-01-08 20:03 - 2013-10-28 19:22 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2015-01-08 20:02 - 2014-02-24 20:54 - 00000075 _____ () C:\Users\Lin\AppData\Roaming\sp_data.sys
    2015-01-08 20:01 - 2014-02-24 21:17 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-08 01:47 - 2014-02-24 21:17 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-04 20:34 - 2014-01-24 19:26 - 00000000 ____D () C:\Users\Lin\Documents\Tencent Files
    2015-01-03 02:07 - 2014-07-25 20:40 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\uTorrent
    2015-01-02 08:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-01-02 00:14 - 2014-07-19 21:08 - 00000000 ____D () C:\Users\Lin\Desktop\movie
    2014-12-31 06:14 - 2014-02-27 01:05 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-12-25 10:19 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-12-16 01:36 - 2014-07-09 00:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-12-15 22:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
    2014-12-15 22:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
    2014-12-15 22:26 - 2014-02-27 00:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-15 22:20 - 2014-02-27 00:20 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-14 17:48 - 2013-08-22 09:44 - 00337864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-12-14 17:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
    2014-12-14 16:52 - 2013-10-28 19:08 - 00044512 _____ () C:\WINDOWS\DPINST.LOG

    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS


    Some content of TEMP:
    ====================
    C:\Users\Lin\AppData\Local\Temp\gtapi_signed.dll
    C:\Users\Lin\AppData\Local\Temp\qqsafeud.exe
    C:\Users\Lin\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lin\AppData\Local\Temp\QvodSetup5.20.234.20140508.exe
    C:\Users\Lin\AppData\Local\Temp\QzoneMusic.exe
    C:\Users\Lin\AppData\Local\Temp\shutdown1409015590.exe
    C:\Users\Lin\AppData\Local\Temp\sogou_pinyin_7.1.0.2005_up_5.exe
    C:\Users\Lin\AppData\Local\Temp\sogou_pinyin_7.4.1.4655.exe
    C:\Users\Lin\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-07 01:06

    ==================== End Of Log ============================

    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
    Ran by Lin at 2015-01-13 21:09:54
    Running from C:\Users\Lin\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Alcor Micro PCIE Card Reader (HKLM-x32\...\AmPeStor) (Version: 2.5.1107.0113 - Alcor Micro Corp.)
    Alcor Micro PCIE Card Reader (x32 Version: 2.5.1107.0113 - Alcor Micro Corp.) Hidden
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.2 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.5 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
    Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    ChromecastApp (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dragon Assistant Installer (HKLM-x32\...\{A48069B4-3189-4DC2-AD03-645A16949F2F}) (Version: 1.0.0 - ASUS)
    ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Helix (HKLM-x32\...\{17BDF5D8-E7D0-4573-90C1-F705F2F889D0}) (Version: 1.0.0 - ArchiVision)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
    Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
    Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{B0366D1E-F89B-4584-B427-ED8E8C41877C}) (Version: 4.1.42.2308 - Intel)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{bc9808f5-afda-4f96-b90e-da5bfb2ef8da}) (Version: 16.1.4 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Lingoes 2.9.1 (HKLM-x32\...\Lingoes Translator_is1) (Version: 2.9.1 - Lingoes Project)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.6.626.2013 - Realtek)
    Spotify (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version: - )
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Driver Package - ASUS (ATP) Mouse (07/16/2013 1.0.0.181) (HKLM\...\16D5A24C881B7CEE31FBA6DD5EC1C194C188F85A) (Version: 07/16/2013 1.0.0.181 - ASUS)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    &#25628;&#29399;&#25340;&#38899;&#36755;&#20837;&#27861; 7.2&#27491;&#24335;&#29256; (HKLM-x32\...\Sogou Input) (Version: 7.2.1.3736 - Sogou.com)
    &#33150;&#35759;QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 6.2.12179.0 - &#33150;&#35759;&#31185;&#25216;(&#28145;&#22323;)&#26377;&#38480;&#20844;&#21496;)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    14-12-2014 16:17:22 Windows Update
    20-12-2014 19:37:53 Windows Update
    25-12-2014 10:17:17 Windows Update
    02-01-2015 08:10:55 Scheduled Checkpoint
    08-01-2015 20:31:12 Restore Operation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0A8B7645-98AB-48E2-AB5E-80E957683F32} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {0B6090AA-2131-4226-9198-AECAF4542A05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
    Task: {30FB2D8A-6872-4AD6-AF84-0A749298E40B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
    Task: {37D4EE99-E38E-4C03-9FAB-D4A22D856656} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
    Task: {3B5B2DE3-398A-4925-86FD-564CE4115254} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2014-09-26] (Sogou.com Inc.)
    Task: {5B75C2F0-9378-49E4-817B-DB318D260E64} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
    Task: {5DEC9B8F-5614-4EB8-B51A-F1ED51167B8A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-08-08] (AsusTek)
    Task: {61EEF36A-94A6-4EFF-8257-0AE045BE7304} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {650B9863-F15A-4B2D-9169-57D680949D0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
    Task: {759F1F31-D7FC-4F1D-914F-8ED79A542218} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
    Task: {AC3A98B0-4CC8-4FC3-90E0-21B687116798} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C2E09883-051A-48E6-AC97-C91A0A788E7C} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
    Task: {CF0E53D5-A911-4245-A518-2F9352AD1010} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-15] (Microsoft Corporation)
    Task: {D0DED314-B712-485B-A3FA-59BE5CFC0A82} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-09] (ASUSTek Computer Inc.)
    Task: {FACB5098-5FD0-400F-835E-838FC80D2B23} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core.job => C:\Users\Lin\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core1cf89c9bab63cce.job => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core1cff271c032179b.job => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core1d0014a115080c0.job => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{38460CE3-F779-40F7-A0A8-066FCFBFA2F6}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-12-19 01:10 - 2012-12-19 01:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2013-05-30 18:46 - 2013-05-30 18:46 - 00182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-05-30 18:46 - 2013-05-30 18:46 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
    2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
    2013-10-28 19:07 - 2013-08-08 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-03-28 20:42 - 2013-03-30 00:05 - 00335872 _____ () C:\Users\Lin\AppData\Local\Lingoes\Translator\lingoes-cn\OpenText32.dll
    2014-06-11 20:33 - 2014-10-08 20:32 - 36966968 _____ () C:\Users\Lin\AppData\Roaming\Spotify\Data\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Lin\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Lin\SkyDrive (2).old:ms-properties
    AlternateDataStreams: C:\Users\Lin\SkyDrive.old:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3651937335-3126230459-2475322002-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-3651937335-3126230459-2475322002-501 - Limited - Disabled)
    Lin (S-1-5-21-3651937335-3126230459-2475322002-1001 - Administrator - Enabled) => C:\Users\Lin

    ==================== Faulty Device Manager Devices =============

    Name: IWD Bus Enumerator
    Description: IWD Bus Enumerator
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service: iwdbus
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/13/2015 09:10:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:10:08Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:09:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:09:38Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:09:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:09:08Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:08:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:08:38Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:08:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:08:08Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:07:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:07:38Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:07:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:07:08Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:06:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:06:38Z. Error Code: 0x80040154.

    Error: (01/13/2015 09:06:31 PM) (Source: Google Update) (EventID: 20) (User: LIN)
    Description: Network Request Error.
    Error: 0x8007273c. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http s

    Error: (01/13/2015 09:05:49 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-21T02:05:49Z. Error Code: 0x80040154.


    System errors:
    =============
    Error: (01/13/2015 09:06:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Network Connection Broker service terminated with the following error:
    %%4294967295

    Error: (01/13/2015 09:05:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/13/2015 09:05:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/12/2015 09:33:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/12/2015 09:19:06 PM) (Source: BTHUSB) (EventID: 16) (User: )
    Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (ac:22:0b:62:12:68) failed.

    Error: (01/12/2015 09:18:14 PM) (Source: BTHUSB) (EventID: 16) (User: )
    Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (ac:22:0b:62:12:68) failed.

    Error: (01/12/2015 09:14:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/12/2015 09:14:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Network Connection Broker service terminated with the following error:
    %%4294967295

    Error: (01/12/2015 09:14:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Print Spooler service terminated with the following error:
    %%2147944103

    Error: (01/12/2015 09:13:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


    Microsoft Office Sessions:
    =========================
    Error: (01/13/2015 09:10:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:10:08Z

    Error: (01/13/2015 09:09:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:09:38Z

    Error: (01/13/2015 09:09:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:09:08Z

    Error: (01/13/2015 09:08:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:08:38Z

    Error: (01/13/2015 09:08:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:08:08Z

    Error: (01/13/2015 09:07:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:07:38Z

    Error: (01/13/2015 09:07:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:07:08Z

    Error: (01/13/2015 09:06:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:06:38Z

    Error: (01/13/2015 09:06:31 PM) (Source: Google Update) (EventID: 20) (User: LIN)
    Description: Network Request Error.
    Error: 0x8007273c. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http s

    Error: (01/13/2015 09:05:49 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-21T02:05:49Z


    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-29 00:05:43.272
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:42.693
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:42.038
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:41.597
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:41.022
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:40.561
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:00:37.966
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:00:37.792
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-28 23:51:27.029
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-28 23:51:26.886
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 34%
    Total physical RAM: 3979.34 MB
    Available physical RAM: 2587.47 MB
    Total Pagefile: 8075.34 MB
    Available Pagefile: 6603.91 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:361.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (CORSAIR) (Removable) (Total:14.92 GB) (Free:14.91 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 5B98F280)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 22.4 GB) (Disk ID: 74F02DEA)
    Partition 1: (Not Active) - (Size=22.4 GB) - (Type=73)

    ========================================================
    Disk: 2 (Size: 14.9 GB) (Disk ID: 0B4DCA12)
    Partition 1: (Active) - (Size=14.9 GB) - (Type=0B)

    ==================== End Of Log ============================
     
  6. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi lwang4091,

    Please complete the following:

    Step 1.
    Turn on Windows Defender
    1. Log on to Windows 8 or Windows 8.1 computer with the administrator account.
    2. Hover the mouse pointer to the bottom right or top right corner of the desktop screen.
    3. From the displayed Charms bar, click the Settings option.
    4. From the displayed options, click the Control Panel.
    5. On the Control Panel window that opens up, click the System and Security category.
    6. On the System and Security window, from the right pane, click the Action Center category.
    7. On the Action Center window, under the Security section, click the Turn on now button representing either the Spyware and unwanted software protection (Important) or Virus protection (Important) option. (When the Turn on now button representing any of the above options is clicked, the Windows Defender is turned on.)

    Please post back confirming the program has activated.


    Step 2.
    Download the attached file "fixlist.txt" to your desktop. This is where FRST should be located.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post me the log


    Step 3.
    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware and save to your desktop.



    • Right-click mbam-setup.exe and select "Run as administrator" to run it. If prompted by the UAC, allow it to run.
    • Follow the prompts and at the end, be sure a checkmark is placed next to:
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
    • Uncheck Enable free trial of Malwarebytes Anti-malware PRO (You can activate this when we've finished, if you wish)
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
     


  7. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi lwang4091.

    It has been three days since my last post.

    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?
    • These topics will self-close after 45 days without a response.
    • If you do not reply within the next 48 hours, I will remove this topic from my notification list.
    • If you post back after 5 days but before 45 days, PM me and wait for a response.
    • If you still need help after 45 days, post a new log on a new thread.
     
  8. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi,

    Sorry I didn't get a chance to post my reply. I will post the result tomorrow. Thanks for your help and sorry for the delay.
     
  9. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi, please see below:

    Step 1: completed.

    Step 2: report below:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
    Ran by Administrator at 2015-01-19 20:32:26 Run:1
    Running from C:\Users\Administrator\Desktop
    Loaded Profile: Administrator (Available profiles: Lin & Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0By EyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G 1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0Dy DtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyB tGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir="


    *****************

    Chrome StartupUrls not detected.

    ==== End of Fixlog 20:32:26 ====


    Step 3: I couldn't update the software since the internet couldn't be connected. I didn't see a "perform a quick scan" option so I just did "scan now". I restarted the computer after deleting the files. Please see log below:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/19/2015
    Scan Time: 8:36:28 PM
    Logfile: log1.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.09.19.05
    Rootkit Database: v2014.09.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 349396
    Time Elapsed: 30 min, 16 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 31
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, Quarantined, [a0e11dd27efdc27457c11290ae54cd33],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [a0e11dd27efdc27457c11290ae54cd33],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [a0e11dd27efdc27457c11290ae54cd33],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA677CC1-D6FA-4B55-825D-6C493F56ED84}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE575A61-09BD-4F3A-B8B5-B55B813B44EC}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA677CC1-D6FA-4B55-825D-6C493F56ED84}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE575A61-09BD-4F3A-B8B5-B55B813B44EC}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.JsObject.1, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.JsObject, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.JsObject, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.JsObject.1, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05}, Quarantined, [dea3b9369edd2313d6410b97a45e09f7],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker.1, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker.1, Quarantined, [6c152fc0215ad0666fa7b5ed4db5748c],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}, Quarantined, [a5dc87682d4ed165908540623bc7f808],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.SnavHttpProtocol.1, Quarantined, [a5dc87682d4ed165908540623bc7f808],
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.SnavHttpProtocol, Quarantined, [a5dc87682d4ed165908540623bc7f808],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.SnavHttpProtocol, Quarantined, [a5dc87682d4ed165908540623bc7f808],
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.SnavHttpProtocol.1, Quarantined, [a5dc87682d4ed165908540623bc7f808],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 8
    PUP.Optional.4Shared, C:\$Recycle.Bin\S-1-5-21-3651937335-3126230459-2475322002-1001\$RLTOVBN.exe, Quarantined, [f78a5f90017ac37351af6845738ef20e],
    PUP.Optional.CrossRider, C:\Users\Lin\AppData\Local\Temp\nsd65EF.tmp\trtextsetup.exe, Quarantined, [8af730bf0873d6606c466646837ec13f],
    PUP.Optional.CrossRider, C:\Users\Lin\AppData\Local\Temp\nsf249.tmp\Ynrztwblgtwnm.exe, Quarantined, [6918e50a24574de936a93e0d8977b34d],
    PUP.Optional.OutBrowse, C:\Users\Lin\Downloads\setup.exe, Quarantined, [87fad41bdaa156e08052b4ccae536898],
    PUP.Optional.OneClickDownloader.A, C:\Users\Lin\Downloads\The_Rock_1996_[1080p] (1).exe, Quarantined, [0d74a34cd1aa181ea8f561c159a8da26],
    PUP.Optional.OneClickDownloader.A, C:\Users\Lin\Downloads\The_Rock_1996_[1080p].exe, Quarantined, [a4ddf0fffa8121154c51f032cb36857b],
    PUP.Optional.Somoto.A, C:\Users\Lin\Downloads\VideoConverterSetup-NeMTnFYZ1.exe, Quarantined, [87fac32c314af93dcfe97b04de26d52b],
    PUP.Optional.4Shared, C:\Users\Lin\Downloads\X-Men 2 (2003) 720p BrRip x264 - 750MB - YIFY.exe, Quarantined, [c4bd8a65007b55e1f10f911cc63bbe42],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi lwang4091,
    -----------------------------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST64.exe on your desktop to launch it.
    • When the tool opens, click Yes to the disclaimer.
    • Check the box for Addition.txt so it will produce that file again.
    • Press the Scan button.
    • When finished scanning, a new version of the logs FRST.txt and Addition.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents of both in your next replies.
    Separate replies are fine.
     
  11. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi, please see both reports below:

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
    Ran by Lin (administrator) on LIN on 21-01-2015 22:10:48
    Running from C:\Users\Lin\Desktop
    Loaded Profile: Lin (Available profiles: Lin & Administrator)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Sogou.com Inc) C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lingoes Project) C:\Users\Lin\AppData\Local\Lingoes\Translator\lingoes-cn\Lingoes.exe
    (Google Inc.) C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    (Google Inc.) C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    (Spotify Ltd) C:\Users\Lin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Sogou.com Inc.) C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
    (Facebook Inc.) C:\Users\Lin\AppData\Local\Facebook\Update\FacebookUpdate.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-07-10] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Lingoes] => C:\Users\Lin\AppData\Local\Lingoes\Translator\lingoes-cn\Lingoes.exe [2506752 2013-03-29] (Lingoes Project)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Google Update] => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-30] (Google Inc.)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Spotify Web Helper] => C:\Users\Lin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Spotify] => C:\Users\Lin\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-08] (Spotify Ltd)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [ImeGuardCom] => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe [368760 2014-06-29] (Sogou.com Inc.)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Run: [Facebook Update] => C:\Users\Lin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-03] (Facebook Inc.)
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\MountPoints2: {0504afa2-8013-11e4-bf26-5c514f2ab538} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\MountPoints2: {0504b211-8013-11e4-bf26-5c514f2ab538} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\MountPoints2: {90c0d30e-c03d-11e3-be95-5c514f2ab538} - "D:\HTC_Sync_Manager_PC.exe"
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=33059180_cb&ch=33
    BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    BHO-x32: 搜狗输入法地址栏搜索 -> {0C3ED74B-8703-4003-A1F4-2B2A0C450DD2} -> C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddr.dll (Sogou.com Inc.)
    BHO-x32: A631CCC7-46D9-E8DA-16DC-AF3C379936A4 Class -> {A631CCC7-46D9-E8DA-16DC-AF3C379936A4} -> C:\Program Files (x86)\QvodPlayer\AddIn\{A631CCC7-46D9-E8DA-16DC-AF3C379936A4}\QvodAddr.dll No File
    BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
    BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
    BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Lin\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
    FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
    FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
    FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
    FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
    FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Lin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @talk.google.com/O1DPlugin -> C:\Users\Lin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3651937335-3126230459-2475322002-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Users\Lin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Lin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://mykcurve.pwcinternal.com/wps/myportal/us-staff
    CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_wnzp01_15_02_ch&cd=2XzuyEtN2Y1L1Qzu0Ezz0BtC0F0CtD0B0A0B0CyDtD0ByEyDtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyD0C0CtA0D0E0CtGtCtD0A0FtG0ByC0A0DtGtC0EtAtAtGyCyE0C0F0DyDtBtB0C0EtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0E0F0B0DtDzztGzytD0C0EtGyE0C0DyBtGzztB0D0AtG0C0DtDtAtB0DtBzy0AtC0C0C2Q&cr=1083255898&ir="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Duolingo Web) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-02-24]
    CHR Extension: (Google Docs) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
    CHR Extension: (Google Drive) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
    CHR Extension: (YouTube) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
    CHR Extension: (Google Cast) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-15]
    CHR Extension: (Google Search) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
    CHR Extension: (Hangouts) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-28]
    CHR Extension: (Attack on Titan - Colossal vs Mikasa) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmhloiikhiehioeddmiikmpkbjmmemo [2014-12-11]
    CHR Extension: (Google Wallet) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
    CHR Extension: (My Chrome Theme) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-12-17]
    CHR Extension: (Unblock Youku) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-03-18]
    CHR Extension: (Gmail) - C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
    R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
    R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-15] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-05-30] ()
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
    R2 OmniAddrService; C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe [154352 2014-07-10] (Sogou.com Inc)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmPeStor; C:\Windows\system32\drivers\AmPeStor.sys [145176 2013-08-07] (Alcor Micro, Corp.)
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-08-08] (ASUS Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-08-01] (Motorola Solutions, Inc.)
    R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
    R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
    R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
    S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [113096 2013-08-06] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-05-30] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-05-30] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-05-30] ()
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3647968 2013-08-15] (Intel Corporation)
    S3 OCUSBVID; C:\Windows\system32\DRIVERS\OCUSBVID.sys [45488 2014-07-22] (Oculus VR)
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-19] ()
    S1 MpKsl590b070f; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7571E32-24EC-4400-A9BA-2D88A85254D2}\MpKsl590b070f.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 22:10 - 2015-01-21 22:11 - 00023108 _____ () C:\Users\Lin\Desktop\FRST.txt
    2015-01-19 21:10 - 2015-01-19 21:10 - 00000000 ____D () C:\Users\Administrator\Documents\HTC
    2015-01-19 21:10 - 2015-01-19 21:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
    2015-01-19 21:10 - 2015-01-19 21:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HTC MediaHub
    2015-01-19 21:10 - 2015-01-19 21:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer
    2015-01-19 21:10 - 2015-01-19 21:10 - 00000000 ____D () C:\Users\Administrator\.android
    2015-01-19 21:10 - 2015-01-19 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2015-01-19 20:34 - 2015-01-19 21:13 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-19 20:34 - 2015-01-19 20:34 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-19 20:34 - 2015-01-19 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-19 20:34 - 2015-01-19 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-19 20:34 - 2015-01-19 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-19 20:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-01-19 20:34 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-01-19 20:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-01-19 20:32 - 2015-01-19 20:30 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2-0-3-1025.exe
    2015-01-19 20:31 - 2015-01-13 09:44 - 02124288 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2015-01-19 20:21 - 2015-01-19 20:21 - 00002277 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
    2015-01-19 20:21 - 2015-01-19 20:21 - 00001444 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-19 20:21 - 2015-01-19 20:21 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2015-01-19 20:21 - 2015-01-19 20:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2015-01-13 21:06 - 2015-01-21 22:10 - 00000000 ____D () C:\FRST
    2015-01-13 21:06 - 2015-01-13 09:44 - 02124288 _____ (Farbar) C:\Users\Lin\Desktop\FRST64.exe
    2015-01-12 21:30 - 2015-01-11 18:30 - 00415232 _____ (Farbar) C:\Users\Lin\Desktop\FSS.exe
    2015-01-12 21:16 - 2015-01-12 21:16 - 00002203 _____ () C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-01-12 21:12 - 2015-01-12 21:12 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2015-01-11 19:31 - 2015-01-19 21:10 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
    2015-01-08 20:49 - 2015-01-08 20:49 - 00287336 _____ () C:\WINDOWS\Minidump\010815-21015-01.dmp
    2015-01-08 20:17 - 2015-01-08 20:17 - 00000260 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{38460CE3-F779-40F7-A0A8-066FCFBFA2F6}.job
    2015-01-08 20:02 - 2015-01-11 19:30 - 00000000 ____D () C:\AdwCleaner
    2015-01-08 20:02 - 2015-01-08 20:02 - 02191360 _____ () C:\Users\Lin\Downloads\adwcleaner_4.107 (1).exe
    2015-01-08 01:53 - 2015-01-08 01:53 - 00290400 _____ () C:\WINDOWS\Minidump\010815-18234-01.dmp
    2015-01-07 00:55 - 2015-01-07 00:55 - 00290344 _____ () C:\WINDOWS\Minidump\010715-21593-01.dmp
    2015-01-03 02:10 - 2015-01-03 02:11 - 00290344 _____ () C:\WINDOWS\Minidump\010315-26453-01.dmp
    2015-01-02 01:47 - 2015-01-06 01:58 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\vlc
    2015-01-02 01:47 - 2015-01-02 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-01-02 01:46 - 2015-01-02 01:46 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-01-02 01:44 - 2015-01-02 01:44 - 24743106 _____ () C:\Users\Lin\Downloads\vlc-2.1.5-win32.exe
    2015-01-02 00:09 - 2015-01-02 00:10 - 00060268 _____ () C:\Users\Lin\Downloads\[TVB&#36830;&#32493;&#21095;][95&#31070;&#38613;&#20384;&#20387;][32&#20840;&#38598;][&#22269;&#31908;&#21452;&#35821;&#20013;&#23383;][DVD-MKV][&#39640;&#28165;&#29256;].torrent
    2014-12-28 19:46 - 2014-12-28 19:46 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2014-12-26 13:44 - 2014-12-26 13:44 - 00290288 _____ () C:\WINDOWS\Minidump\122614-33546-01.dmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 22:10 - 2014-06-11 20:32 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\Spotify
    2015-01-21 22:10 - 2014-03-20 22:23 - 00000000 __RDO () C:\Users\Lin\SkyDrive
    2015-01-21 22:10 - 2014-03-12 22:26 - 01504202 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-21 22:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-19 21:14 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-01-19 21:10 - 2014-03-12 22:16 - 00000000 ____D () C:\Users\Administrator
    2015-01-19 21:10 - 2013-11-14 02:20 - 00079962 _____ () C:\WINDOWS\PFRO.log
    2015-01-19 21:10 - 2013-10-28 19:28 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
    2015-01-19 21:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
    2015-01-19 21:10 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-19 21:09 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-01-19 20:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-01-19 20:24 - 2012-08-01 20:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
    2015-01-19 20:16 - 2014-12-14 16:53 - 00000000 ____D () C:\Users\Lin\AppData\Local\HTC MediaHub
    2015-01-12 21:29 - 2013-08-22 09:46 - 00341689 _____ () C:\WINDOWS\setupact.log
    2015-01-08 20:49 - 2014-03-16 15:13 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-08 20:49 - 2014-02-27 00:42 - 748205516 _____ () C:\WINDOWS\MEMORY.DMP
    2015-01-08 20:43 - 2014-03-12 22:16 - 00000000 ____D () C:\Users\Lin
    2015-01-08 20:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
    2015-01-08 20:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-01-08 20:06 - 2014-02-24 21:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3651937335-3126230459-2475322002-1001
    2015-01-08 20:06 - 2013-07-10 21:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-08 20:03 - 2014-06-22 17:14 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38460CE3-F779-40F7-A0A8-066FCFBFA2F6}
    2015-01-08 20:03 - 2013-10-28 19:22 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2015-01-08 20:03 - 2013-10-28 19:22 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2015-01-08 20:02 - 2014-02-24 20:54 - 00000075 _____ () C:\Users\Lin\AppData\Roaming\sp_data.sys
    2015-01-08 20:01 - 2014-02-24 21:17 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-08 01:47 - 2014-02-24 21:17 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-04 20:34 - 2014-01-24 19:26 - 00000000 ____D () C:\Users\Lin\Documents\Tencent Files
    2015-01-03 02:07 - 2014-07-25 20:40 - 00000000 ____D () C:\Users\Lin\AppData\Roaming\uTorrent
    2015-01-02 08:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-01-02 00:14 - 2014-07-19 21:08 - 00000000 ____D () C:\Users\Lin\Desktop\movie
    2014-12-31 06:14 - 2014-02-27 01:05 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-12-25 10:19 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS


    Some content of TEMP:
    ====================
    C:\Users\Lin\AppData\Local\Temp\gtapi_signed.dll
    C:\Users\Lin\AppData\Local\Temp\qqsafeud.exe
    C:\Users\Lin\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lin\AppData\Local\Temp\QvodSetup5.20.234.20140508.exe
    C:\Users\Lin\AppData\Local\Temp\QzoneMusic.exe
    C:\Users\Lin\AppData\Local\Temp\shutdown1409015590.exe
    C:\Users\Lin\AppData\Local\Temp\sogou_pinyin_7.1.0.2005_up_5.exe
    C:\Users\Lin\AppData\Local\Temp\sogou_pinyin_7.4.1.4655.exe
    C:\Users\Lin\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-07 01:06

    ==================== End Of Log ============================

    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
    Ran by Lin at 2015-01-21 22:11:18
    Running from C:\Users\Lin\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Alcor Micro PCIE Card Reader (HKLM-x32\...\AmPeStor) (Version: 2.5.1107.0113 - Alcor Micro Corp.)
    Alcor Micro PCIE Card Reader (x32 Version: 2.5.1107.0113 - Alcor Micro Corp.) Hidden
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.2 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.5 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
    Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    ChromecastApp (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dragon Assistant Installer (HKLM-x32\...\{A48069B4-3189-4DC2-AD03-645A16949F2F}) (Version: 1.0.0 - ASUS)
    ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Helix (HKLM-x32\...\{17BDF5D8-E7D0-4573-90C1-F705F2F889D0}) (Version: 1.0.0 - ArchiVision)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
    Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
    Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{B0366D1E-F89B-4584-B427-ED8E8C41877C}) (Version: 4.1.42.2308 - Intel)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{bc9808f5-afda-4f96-b90e-da5bfb2ef8da}) (Version: 16.1.4 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Lingoes 2.9.1 (HKLM-x32\...\Lingoes Translator_is1) (Version: 2.9.1 - Lingoes Project)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.6.626.2013 - Realtek)
    Spotify (HKU\S-1-5-21-3651937335-3126230459-2475322002-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version: - )
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Driver Package - ASUS (ATP) Mouse (07/16/2013 1.0.0.181) (HKLM\...\16D5A24C881B7CEE31FBA6DD5EC1C194C188F85A) (Version: 07/16/2013 1.0.0.181 - ASUS)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    &#25628;&#29399;&#25340;&#38899;&#36755;&#20837;&#27861; 7.2&#27491;&#24335;&#29256; (HKLM-x32\...\Sogou Input) (Version: 7.2.1.3736 - Sogou.com)
    &#33150;&#35759;QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 6.2.12179.0 - &#33150;&#35759;&#31185;&#25216;(&#28145;&#22323;)&#26377;&#38480;&#20844;&#21496;)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3651937335-3126230459-2475322002-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    14-12-2014 16:17:22 Windows Update
    20-12-2014 19:37:53 Windows Update
    25-12-2014 10:17:17 Windows Update
    02-01-2015 08:10:55 Scheduled Checkpoint
    08-01-2015 20:31:12 Restore Operation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0A8B7645-98AB-48E2-AB5E-80E957683F32} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {0B6090AA-2131-4226-9198-AECAF4542A05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
    Task: {30FB2D8A-6872-4AD6-AF84-0A749298E40B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
    Task: {37D4EE99-E38E-4C03-9FAB-D4A22D856656} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
    Task: {3B5B2DE3-398A-4925-86FD-564CE4115254} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2014-09-26] (Sogou.com Inc.)
    Task: {5B75C2F0-9378-49E4-817B-DB318D260E64} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
    Task: {5DEC9B8F-5614-4EB8-B51A-F1ED51167B8A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-08-08] (AsusTek)
    Task: {61EEF36A-94A6-4EFF-8257-0AE045BE7304} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {650B9863-F15A-4B2D-9169-57D680949D0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
    Task: {759F1F31-D7FC-4F1D-914F-8ED79A542218} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
    Task: {AC3A98B0-4CC8-4FC3-90E0-21B687116798} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C2E09883-051A-48E6-AC97-C91A0A788E7C} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
    Task: {CF0E53D5-A911-4245-A518-2F9352AD1010} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-15] (Microsoft Corporation)
    Task: {D0DED314-B712-485B-A3FA-59BE5CFC0A82} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-09] (ASUSTek Computer Inc.)
    Task: {FACB5098-5FD0-400F-835E-838FC80D2B23} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core.job => C:\Users\Lin\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core1cf89c9bab63cce.job => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core1cff271c032179b.job => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3651937335-3126230459-2475322002-1001Core1d0014a115080c0.job => C:\Users\Lin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{38460CE3-F779-40F7-A0A8-066FCFBFA2F6}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-12-19 01:10 - 2012-12-19 01:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2013-05-30 18:46 - 2013-05-30 18:46 - 00182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-05-30 18:46 - 2013-05-30 18:46 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
    2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
    2013-10-28 19:07 - 2013-08-08 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-03-28 20:42 - 2013-03-30 00:05 - 00335872 _____ () C:\Users\Lin\AppData\Local\Lingoes\Translator\lingoes-cn\OpenText32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Lin\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Lin\SkyDrive (2).old:ms-properties
    AlternateDataStreams: C:\Users\Lin\SkyDrive.old:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3651937335-3126230459-2475322002-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-3651937335-3126230459-2475322002-501 - Limited - Disabled)
    Lin (S-1-5-21-3651937335-3126230459-2475322002-1001 - Administrator - Enabled) => C:\Users\Lin

    ==================== Faulty Device Manager Devices =============

    Name: IWD Bus Enumerator
    Description: IWD Bus Enumerator
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service: iwdbus
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/21/2015 10:11:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-29T03:11:40Z. Error Code: 0x80040154.

    Error: (01/21/2015 10:11:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-29T03:11:10Z. Error Code: 0x80040154.

    Error: (01/21/2015 10:10:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-29T03:10:40Z. Error Code: 0x80040154.

    Error: (01/21/2015 10:10:33 PM) (Source: Google Update) (EventID: 20) (User: LIN)
    Description: Network Request Error.
    Error: 0x8007273c. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http s

    Error: (01/19/2015 09:16:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-27T02:16:50Z. Error Code: 0x80040154.

    Error: (01/19/2015 09:16:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-27T02:16:20Z. Error Code: 0x80040154.

    Error: (01/19/2015 09:15:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-27T02:15:50Z. Error Code: 0x80040154.

    Error: (01/19/2015 09:15:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-27T02:15:20Z. Error Code: 0x80040154.

    Error: (01/19/2015 09:14:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-27T02:14:50Z. Error Code: 0x80040154.

    Error: (01/19/2015 09:14:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2114-12-27T02:14:20Z. Error Code: 0x80040154.


    System errors:
    =============
    Error: (01/21/2015 10:10:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the FDResPub service which failed to start because of the following error:
    %%2147952422

    Error: (01/21/2015 10:10:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The FDResPub service terminated with the following error:
    %%2147952422

    Error: (01/21/2015 10:10:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Network Connection Broker service terminated with the following error:
    %%4294967295

    Error: (01/21/2015 10:09:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/21/2015 10:09:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the FDResPub service which failed to start because of the following error:
    %%2147952422

    Error: (01/21/2015 10:09:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The FDResPub service terminated with the following error:
    %%2147952422

    Error: (01/21/2015 10:09:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/21/2015 10:09:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/21/2015 10:09:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044

    Error: (01/21/2015 10:09:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10044


    Microsoft Office Sessions:
    =========================
    Error: (01/21/2015 10:11:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-29T03:11:40Z

    Error: (01/21/2015 10:11:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-29T03:11:10Z

    Error: (01/21/2015 10:10:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-29T03:10:40Z

    Error: (01/21/2015 10:10:33 PM) (Source: Google Update) (EventID: 20) (User: LIN)
    Description: Network Request Error.
    Error: 0x8007273c. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying WinHTTP.
    Send request returned 0x8007273c. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x8007273c. Http s

    Error: (01/19/2015 09:16:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-27T02:16:50Z

    Error: (01/19/2015 09:16:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-27T02:16:20Z

    Error: (01/19/2015 09:15:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-27T02:15:50Z

    Error: (01/19/2015 09:15:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-27T02:15:20Z

    Error: (01/19/2015 09:14:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-27T02:14:50Z

    Error: (01/19/2015 09:14:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: 0x800401542114-12-27T02:14:20Z


    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-29 00:05:43.272
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:42.693
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:42.038
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:41.597
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:41.022
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:05:40.561
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:00:37.966
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-29 00:00:37.792
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-28 23:51:27.029
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-28 23:51:26.886
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 32%
    Total physical RAM: 3979.34 MB
    Available physical RAM: 2689.77 MB
    Total Pagefile: 8075.34 MB
    Available Pagefile: 6715.36 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:361.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 5B98F280)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 22.4 GB) (Disk ID: 74F02DEA)
    Partition 1: (Not Active) - (Size=22.4 GB) - (Type=73)

    ==================== End Of Log ============================
     
  12. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi lwang4091,

    Please run the following and post the results.


    Farbar Service Scanner (FSS)
    SCAN Option
    Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
    1. Right-click on FSS.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Make sure the following options are checked:
      • Internet Services (checked by default)
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    3. Press the "Scan" button.
      When finished, a text file named FSS.txt will be created on your desktop (the same folder the tool is run from).
    4. Please copy and paste the contents of the FSS.txt log to your reply.
      Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.
     
  13. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Hi there,

    Please see report below:

    Farbar Service Scanner Version: 17-01-2015
    Ran by Lin (administrator) on 22-01-2015 at 19:54:42
    Running from "C:\Users\Lin\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  14. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Well, we really can't fix anything with all these services turned off. Let me do a little research and get back to you.
     
  15. lwang4091

    lwang4091 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    28
    Thanks for your help!
     

Short URL to this thread: https://techguy.org/1140844
