Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016 Ran by user (administrator) on USER-PC (26-02-2016 06:20:43) Running from C:\Users\user\Downloads\Programs Loaded Profiles: user (Available Profiles: user) Platform: Windows 7 Home Premium (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kwifi\knatsvc.exe () C:\ExpressGateUtil\VAWinService.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ELAN Microelectronic Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ALi) C:\Windows\WebCam\S6000\S6000Mnt.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () C:\ExpressGateUtil\VAWinAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kwsprotect64.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe () C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\baiduyunguanjia.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Tonec Inc.) 
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [558168 2010-04-01] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [349272 2010-04-01] (Atheros Communications) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [37888 2010-11-20] (Windows (R) Win 7 DDK provider) HKLM-x32\...\Run: [S6000Mnt] => C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] () HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) 
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Fuji Xerox DocuPrint C1190 FS Launcher] => C:\Program Files (x86)\Fuji Xerox\DocuPrint C1190 FS\Address Book Editor\Launcher_dpc1190fs.exe [780192 2008-10-28] (Fuji Xerox Co., Ltd.) HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [1528232 2015-06-29] (Kingsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3919928 2016-02-12] (Tonec Inc.) HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\Policies\Explorer: [nolowdiskspacechecks] 1 HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: F - F:\Setup.exe /s HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {10ee1017-edd8-11e2-a277-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {225cd081-d19f-11e3-b9ed-f46d0414da7e} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {225cd0a8-d19f-11e3-b9ed-f46d0414da7e} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {2dbf599d-81b7-11e3-bc78-f46d0414da7e} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {2dbf59a3-81b7-11e3-bc78-f46d0414da7e} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {2dbf59b7-81b7-11e3-bc78-f46d0414da7e} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {36b7d435-f9a1-11e2-bd96-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {36b7d442-f9a1-11e2-bd96-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: 
{36ccbf81-1e13-11e2-a556-e0b9a5453050} - F:\Startme.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {3b76eaf7-cffc-11e3-89e0-f46d0414da7e} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {55bad8a8-1531-11e3-baef-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {5a0d519a-a389-11e3-a071-f46d0414da7e} - G:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {66193362-37c4-11e3-bbe4-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {78fddd3d-4b3e-11e4-9855-e0b9a5453050} - F:\Setup.exe /s HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {855f2450-d1b7-11e3-8abc-f46d0414da7e} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {981a9d8c-37a4-11e3-bbc7-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {b7d778b2-1d79-11e2-a4d7-e0b9a5453050} - G:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {c1b80602-f3f5-11e2-bbfb-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {c1b80611-f3f5-11e2-bbfb-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {c1e01283-a714-11e5-9385-e0b9a5453050} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {ed637094-e905-11e3-892a-e0b9a5453050} - F:\AutoRun.exe HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\MountPoints2: {ff7f1b45-fbf8-11e3-a28d-f46d0414da7e} - F:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: , 
C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(300).dll [2013-08-20] (深圳市迅雷网络技术有限公司) ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => No File ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => No File GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:54310;https=127.0.0.1:54310; ProxyServer: [S-1-5-21-1097508591-4218206319-2765286090-1001] => http=127.0.0.1:54310;https=127.0.0.1:54310 AutoConfigURL: [S-1-5-21-1097508591-4218206319-2765286090-1001] => hxxp://stop-block.org/wpad.dat?e45a3b988a1447b4edf0e9e2b6f0c5be6379228 Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{015EAC2E-7EA6-4421-9D1A-DB02410B0E8C}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{0362CDF1-FAEE-4C0A-A70D-01049421F2A1}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{673A9624-F65A-4678-9B6C-BBF5C34A21A5}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{8F05874E-95AC-47F7-98DF-35F12F529304}: [DhcpNameServer] 192.168.42.129 ManualProxies: 0hxxp://stop-block.org/wpad.dat?e45a3b988a1447b4edf0e9e2b6f0c5be6379228 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duba.com/?f=2 HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97480197_hao_pg SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> 
{44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_dg&ch=5&ie=utf-8 SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1097508591-4218206319-2765286090-1001 -> OldSearch URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=79081068_1_oem_dg&ch=33 SearchScopes: HKU\S-1-5-21-1097508591-4218206319-2765286090-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1097508591-4218206319-2765286090-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_dg&ch=5&ie=utf-8 SearchScopes: HKU\S-1-5-21-1097508591-4218206319-2765286090-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1097508591-4218206319-2765286090-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=79081068_2_oem_dg&ch=33 BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-27] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.) 
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-27] (Oracle Corporation) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation) BHO-x32: No Name -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> No File BHO-x32: 迅雷下载支持组件 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2014-04-23] (深圳市迅雷网络技术有限公司) Toolbar: HKU\S-1-5-21-1097508591-4218206319-2765286090-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler-x32: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx [2015-06-29] (广州酷狗计算机科技有限公司) Handler-x32: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx [2015-06-29] (广州酷狗计算机科技有限公司) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-03-12] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-03-12] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-03-12] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-03-12] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tso8zxg9.default FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-18] () FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-27] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [No File] FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-18] () FF Plugin-x32: @baidu.com/npxbdsetup -> C:\Windows\Downloaded Program 
Files\24034169\npxbdsetup.dll [2012-12-26] () FF Plugin-x32: @baidu.com/npxbdyy -> D:\BaiduPlayer\3.8.0.16\npxbdyy.dll [No File] FF Plugin-x32: @baidu.com/UploadPlugin -> C:\Users\user\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll [2013-04-24] (Baidu.com, Inc.) FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2015-12-08] (Baidu.com, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation) FF Plugin-x32: @kingsfot.com/npkws -> C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll [2015-06-29] (Kingsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.4090\npplugin2.dll [No File] FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File] FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common 
Files\Tencent\NPQSCALL\npqscall.dll [No File] FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [No File] FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File] FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [No File] FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent) FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-22] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-22] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.13.0.0\npxgax.dll [2015-07-08] () FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-10-25] ( ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-24] (Zeon Corporation) FF Plugin HKU\S-1-5-21-1097508591-4218206319-2765286090-1001: @1.qq.com/npqqwebgame -> C:\Users\user\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.9\npqqwebgame.dll [No File] FF Plugin HKU\S-1-5-21-1097508591-4218206319-2765286090-1001: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File] FF Plugin HKU\S-1-5-21-1097508591-4218206319-2765286090-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2013-11-06] (Skype Limited) FF Plugin HKU\S-1-5-21-1097508591-4218206319-2765286090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-19] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1097508591-4218206319-2765286090-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-10-25] ( ) FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27] FF Extension: 1-Click YouTube Video Downloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tso8zxg9.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-02-18] FF Extension: Block site - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tso8zxg9.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-02-21] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tso8zxg9.default\Extensions\artur.dubovoy@gmail.com [2016-02-18] FF Extension: YouTube mp3 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tso8zxg9.default\Extensions\info@youtube-mp3.org.xpi [2016-02-18] FF Extension: YouTube Unblocker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tso8zxg9.default\Extensions\youtubeunblocker@unblocker.yt 
[2016-02-18] FF HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-02-05] [not signed] FF HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2016-02-26] [not signed] FF HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi Chrome: ======= CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3310393&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC6ED4181-F5B0-4760-9EEA-38A3898CC883&SSPV= CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggTJA0JUVpHFxgRdg0KTA1BFFYOeF8AVhRAGAUbdg8PAwtDEFcFIk0FA1oDB0VXfV5bFElXTwhwJVx1DksUc1BQNVVMEnEEQw==" CHR StartupUrls: Default -> "hxxp://websearch.fastosearch.info/?pid=1319&r=2014/06/18&hid=10562822683258151075&lg=EN&cc=MY&unqvl=55","hxxp://www.omniboxes.com/?type=hp&ts=1425164643&from=obw&uid=ST9640320AS_5WX40R4VXXXX5WX40R4V" CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28] CHR Extension: (King of Fighters (KOF WING)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfaohihhkmgfjpjkeehipkmakcddncj [2014-10-26] CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-14] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-28] CHR HKU\S-1-5-21-1097508591-4218206319-2765286090-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [34392 2010-04-01] (Atheros Communications) [File not signed] S3 BaiduYunUtility; C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe [90392 2015-12-08] () S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.) S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.) S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.) S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) S2 dg670; C:\Windows\SysWOW64\dg670\dg670.dll [100720 2014-03-17] (MyDrivers.com) S3 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-01-21] (Microsoft Corporation) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-05-20] () [File not signed] R2 knatsvc; C:\Program Files (x86)\kingsoft\kwifi\knatsvc.exe [285040 2016-02-14] (Kingsoft Corporation) R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [284112 2015-06-29] (Kingsoft Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-26] (INCA Internet Co., Ltd.) 
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S3 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4298296 2014-12-17] (SoftEther VPN Project at University of Tsukuba, Japan.) R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-10-25] (ShenZhen Xunlei Networking Technologies,LTD) S2 Apache2.4; "D:\xampp\apache\bin\httpd.exe" -k runservice [X] S3 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X] S2 kphonesvc; "C:\program files (x86)\kingsoft\shoujizhushou\kphonesvc.exe" -svc [X] S4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X] S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X] S2 mysql; D:\xampp\mysql\bin\mysqld.exe --defaults-file=d:\xampp\mysql\bin\my.ini mysql S3 QPCore; "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
R0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [33128 2015-12-02] (Kingsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87424 2012-10-22] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-18] ()
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2010-11-20] (Fresco Logic)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc64.sys [31848 2015-06-29] (Kingsoft Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [190792 2015-06-29] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [229192 2015-06-29] (Kingsoft Corporation)
R1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys [109880 2015-06-29] (Kingsoft Corporation)
S3 KNBDrv; C:\Windows\system32\drivers\KNBDrv.sys [102704 2014-05-18] (Kingsoft Corporation)
R2 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-12-04] (Kingsoft Corporation)
R1 LiebaoNAT; C:\Windows\System32\DRIVERS\liebaonat64.sys [41664 2015-12-04] (Kingsoft Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [28768 2014-12-17] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [72120 2015-09-06] (Tencent)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222312 2012-03-13] (Realtek Semiconductor Corp.)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 Gun; \??\D:\SoftnyxGame\GunBoundIS\Gun64.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 qmsd; \??\D:\按键精灵9\按键精灵9\qmsd.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: dg670 -> C:\Windows\SysWOW64\dg670\dg670.dll (MyDrivers.com)
NETSVCx32: dg597 -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 06:20 - 2016-02-26 06:20 - 00000000 ____D C:\FRST
2016-02-26 03:32 - 2016-02-26 03:32 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-02-24 19:42 - 2016-02-24 19:42 - 00155870 _____ C:\Users\user\Desktop\update-detail-e.pptx
2016-02-24 05:54 - 2016-02-24 05:49 - 00002974 _____ C:\Users\user\Desktop\AdwCleaner[C5].txt
2016-02-20 16:40 - 2016-02-20 16:40 - 00114640 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-18 17:59 - 2016-02-18 18:00 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2016-02-18 17:55 - 2016-02-26 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-18 17:55 - 2016-02-18 17:55 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-18 17:55 - 2016-02-18 17:55 - 00001113 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-18 17:55 - 2016-02-18 17:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-18 15:57 - 2016-02-18 15:57 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-02-18 15:47 - 2016-02-18 15:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-18 09:57 - 2016-02-18 09:57 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-02-18 09:55 - 2016-02-18 09:57 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-02-18 07:53 - 2016-02-18 07:53 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-02-18 05:28 - 2016-02-18 07:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-18 05:28 - 2016-02-18 06:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job_
2016-02-18 05:28 - 2016-02-18 05:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-15 13:53 - 2016-02-15 13:53 - 00851185 _____ C:\Users\user\Desktop\WISE VISA GOLD 022016.pdf
2016-02-15 13:40 - 2016-02-15 13:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-15 13:39 - 2016-02-18 15:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-15 13:39 - 2016-02-15 13:39 - 00002009 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-15 13:38 - 2016-02-15 13:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-15 13:06 - 2016-02-15 13:06 - 00069207 _____ C:\Users\user\Downloads\excel format new epf.xlsx
2016-02-15 13:03 - 2016-02-15 13:03 - 00074874 _____ C:\Users\user\Downloads\KSWP6 Borang A.xlsx
2016-02-15 13:03 - 2016-02-15 13:03 - 00074874 _____ C:\Users\user\Downloads\KSWP6 Borang A (1).xlsx
2016-02-13 07:26 - 2016-02-25 19:02 - 00000000 ____D C:\Users\user\Desktop\Society thing
2016-02-13 06:19 - 2016-02-13 06:44 - 00000673 _____ C:\Users\user\Desktop\drama release list.txt
2016-02-11 22:26 - 2016-01-28 17:20 - 00209056 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-02-05 22:27 - 2016-02-05 22:28 - 270370687 _____ C:\Users\user\Desktop\彩虹小馬 魔法公主-中文配音 - YouTube.mp4
2016-02-02 13:41 - 2016-02-02 13:41 - 119172528 _____ C:\Users\user\Desktop\马云达沃斯44分钟全程英文演讲 - YouTube.mp4
2016-02-02 13:31 - 2016-02-02 13:31 - 110729395 _____ C:\Users\user\Desktop\马克•扎克伯格用中文为清华学生授课 - YouTube.mp4
2016-02-02 07:56 - 2016-02-02 07:56 - 00765250 _____ C:\Users\user\Downloads\WISE VISA GOLD 012016.pdf
2016-02-02 07:46 - 2016-02-02 07:46 - 00001115 _____ C:\Users\user\Downloads\CCardTran0202160747147811.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 06:15 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-26 05:01 - 2015-10-30 03:55 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-02-26 05:01 - 2015-01-14 09:52 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2016-02-26 03:39 - 2009-07-14 12:45 - 00015904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-26 03:39 - 2009-07-14 12:45 - 00015904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-26 03:38 - 2009-07-14 13:13 - 00802562 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-26 03:38 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-02-26 03:32 - 2013-09-30 18:16 - 00000478 _____ C:\Windows\Tasks\SDMsgUpdate (Local).job
2016-02-26 03:32 - 2013-09-30 18:16 - 00000470 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2016-02-26 03:32 - 2013-07-24 08:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-02-26 03:32 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-25 12:09 - 2012-11-20 10:09 - 00000000 ____D C:\Users\user\AppData\Roaming\KuGou8
2016-02-25 10:39 - 2013-12-19 08:18 - 00000000 ____D C:\Users\user\Documents\Outlook Files
2016-02-25 10:07 - 2014-10-24 03:49 - 00010225 _____ C:\ckcore.txt
2016-02-25 10:01 - 2014-06-16 05:48 - 00000000 ____D C:\Users\user\AppData\LocalLow\XiGuaPlayer
2016-02-25 05:03 - 2012-08-19 09:30 - 00001042 _____ C:\Users\user\AppData\Roaming\CoreAVC.ini
2016-02-24 14:17 - 2014-10-27 14:27 - 00000000 ____D C:\AdwCleaner
2016-02-22 15:56 - 2015-07-06 18:42 - 00000000 ____D C:\Users\user\Desktop\Internship
2016-02-21 16:41 - 2015-01-14 09:52 - 00000000 ____D C:\Users\user\Downloads\Compressed
2016-02-21 07:30 - 2015-08-02 17:26 - 00000000 ____D C:\Users\user\Desktop\New folder (3)
2016-02-18 17:59 - 2015-03-23 16:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2016-02-18 16:20 - 2014-08-27 19:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-02-18 16:20 - 2013-07-29 15:35 - 00000008 __RSH C:\Users\user\ntuser.pol
2016-02-18 16:19 - 2015-04-06 09:16 - 00000000 ____D C:\Users\user\Desktop\New folder (2)
2016-02-18 16:19 - 2014-10-26 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-18 15:57 - 2015-01-14 10:12 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-02-18 15:44 - 2014-05-18 13:38 - 00000000 __SHD C:\KRECYCLE
2016-02-18 15:32 - 2015-01-14 10:12 - 00000975 _____ C:\Users\user\Desktop\Internet Download Manager.lnk
2016-02-18 14:47 - 2012-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\CometBird
2016-02-18 13:31 - 2012-07-20 18:29 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-02-18 13:27 - 2016-01-25 08:27 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-02-18 06:06 - 2015-11-07 05:23 - 00000000 ____D C:\Users\user\AppData\Roaming\VirtualBox
2016-02-18 06:06 - 2014-10-07 19:35 - 00000000 ____D C:\Users\user\AppData\Roaming\qmacro
2016-02-18 05:29 - 2014-07-15 13:12 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-02-18 05:28 - 2015-03-26 10:23 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-18 05:28 - 2015-03-26 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-18 05:28 - 2015-03-26 10:23 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-18 04:34 - 2012-08-16 09:55 - 00000000 ____D C:\Users\Public\Thunder Network
2016-02-15 13:45 - 2014-07-15 13:12 - 00000000 ____D C:\ProgramData\Adobe
2016-02-13 07:28 - 2015-11-26 19:15 - 00000000 ____D C:\Users\user\Desktop\Japan Trip
2016-02-13 07:27 - 2015-06-23 14:08 - 00000000 ____D C:\Users\user\Desktop\ICATS PEER TUTOR NOTE LATEST
2016-02-13 07:26 - 2015-09-05 17:56 - 00000000 ____D C:\Users\user\Desktop\DaoTaFuBen
2016-02-13 05:55 - 2014-11-23 15:51 - 00000000 ____D C:\Users\user\Documents\Tencent Files
2016-01-27 05:58 - 2012-07-21 12:58 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-11-10 14:16 - 2015-11-10 14:17 - 0155400 _____ () C:\Program Files (x86)\Common Files\smcv_C6A0B05D9659.dll
2015-10-09 18:01 - 2015-10-09 18:01 - 0160512 _____ () C:\Program Files (x86)\Common Files\smcv_E0B9A544E7A7.dll
2012-08-12 16:44 - 2012-08-12 16:44 - 0000070 _____ () C:\Users\user\AppData\Roaming\249F.exe
2012-08-12 14:57 - 2012-08-12 14:57 - 0000070 _____ () C:\Users\user\AppData\Roaming\2BE.exe
2012-08-13 07:14 - 2012-08-13 07:14 - 0000070 _____ () C:\Users\user\AppData\Roaming\697B.exe
2012-08-18 10:24 - 2012-08-18 10:24 - 0000070 _____ () C:\Users\user\AppData\Roaming\89CC.exe
2012-08-18 13:17 - 2012-08-18 13:17 - 0000070 _____ () C:\Users\user\AppData\Roaming\A81C.exe
2015-08-05 14:08 - 2015-08-05 14:08 - 0000033 _____ () C:\Users\user\AppData\Roaming\app.ini
2012-08-18 13:04 - 2012-08-18 13:04 - 0000070 _____ () C:\Users\user\AppData\Roaming\BD5F.exe
2012-08-19 09:30 - 2016-02-25 05:03 - 0001042 _____ () C:\Users\user\AppData\Roaming\CoreAVC.ini
2012-08-18 09:03 - 2012-08-18 09:03 - 0000070 _____ () C:\Users\user\AppData\Roaming\DCD8.exe
2013-05-19 18:00 - 2015-03-28 10:46 - 0000379 _____ () C:\Users\user\AppData\Roaming\Digital Clock_Settings.ini
2012-08-18 11:51 - 2012-08-18 11:51 - 0000070 _____ () C:\Users\user\AppData\Roaming\E1FC.exe
2012-08-18 13:24 - 2012-08-18 13:24 - 0000070 _____ () C:\Users\user\AppData\Roaming\F4C6.exe
2014-01-05 12:51 - 2015-12-02 04:57 - 0000030 _____ () C:\Users\user\AppData\Roaming\fixcfg.ini
2012-09-07 21:06 - 2012-09-07 21:06 - 0045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2015-08-28 19:13 - 2015-08-28 19:13 - 3983840 _____ () C:\Users\user\AppData\Roaming\SGP1M5HD.TXT
2013-12-19 01:21 - 2014-10-27 02:21 - 0000157 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2015-01-14 09:09 - 2015-01-14 09:09 - 0001700 _____ () C:\Users\user\AppData\Roaming\毒霸网址大全.lnk
2012-10-15 16:23 - 2014-05-16 10:47 - 0007602 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-05-23 03:32 - 2015-05-23 03:32 - 0000000 _____ () C:\Users\user\AppData\Local\Temp.dat
2015-12-05 06:39 - 2015-12-10 04:07 - 1838984 _____ (ALimama Agent) C:\ProgramData\alimamaagent_atb.exe
2015-11-09 13:22 - 2015-11-09 14:22 - 0000483 _____ () C:\ProgramData\debug.log
2011-03-12 23:42 - 2011-03-12 23:42 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-12 21:31 - 2011-03-12 21:32 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-12 21:30 - 2011-03-12 21:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-03-12 23:37 - 2011-03-12 23:41 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-03-12 23:41 - 2011-03-12 23:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-03-12 23:36 - 2011-03-12 23:37 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Files to move or delete:
====================
C:\ProgramData\alimamaagent_atb.exe

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-23 09:32

==================== End of FRST.txt ============================