
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014

Ran by Li (administrator) on LI-PC on 21-02-2014 20:51:04
Running from C:\Users\Li\Downloads\Programs
Windows 8 Pro (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\Li\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x63E6C73DD718CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.xin.msn.com/?rd=1&ucc=SG&dcc=SG&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,ja;q=0.8,en-GB;q=0.7,en;q=0.5,zh-Hans-CN;q=0.3,zh-Hans;q=0.2
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Docs Offline Background Page) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (YouTube) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Search) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-07-13]
CHR Extension: (Google Wallet) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-21] (Perfect World Entertainment Inc)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 fwdrv; C:\Windows\system32\DRIVERS\fwdrv.sys [26320 2012-12-14] (Web Solution Mart)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-02-04] (LogMeIn Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-15] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [91368 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [122088 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [109288 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [69864 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [119016 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [305896 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [118504 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [246504 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [106216 2013-05-29] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [169192 2013-10-18] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122600 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [206056 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [137960 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [159160 2014-02-15] (TENCENT)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-16] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-21 20:22 - 2014-02-21 20:47 - 00000000 ____D () C:\FRST
2014-02-21 10:28 - 2014-02-21 10:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-02-21 10:28 - 2014-02-21 10:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-02-21 10:28 - 2014-02-21 10:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-02-19 18:47 - 2014-02-21 19:40 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-02-19 18:46 - 2014-02-19 18:46 - 00000000 ____D () C:\Users\Li\AppData\Roaming\Winamp
2014-02-16 21:30 - 2014-02-16 21:30 - 00010390 _____ () C:\Users\Li\AppData\Local\recently-used.xbel
2014-02-16 10:32 - 2014-02-16 10:32 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-16 01:33 - 2014-02-16 21:30 - 00000000 ____D () C:\Users\Li\AppData\Local\gtk-2.0
2014-02-15 15:33 - 2014-02-21 19:39 - 00000344 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-02-15 15:33 - 2014-02-15 15:33 - 00336424 _____ () C:\Users\Li\Downloads\MinecraftInstaller__2490_il133.exe
2014-02-15 15:33 - 2014-02-15 15:33 - 00003330 _____ () C:\WINDOWS\System32\Tasks\AmiUpdXp
2014-02-15 11:03 - 2014-02-15 11:03 - 00001443 _____ () C:\Users\Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BnsUIPro.lnk
2014-02-15 00:36 - 2014-02-15 12:31 - 00000040 _____ () C:\ProgramData\DT0001.dat
2014-02-15 00:20 - 2014-02-15 00:20 - 00000000 ____D () C:\ProgramData\Tencent
2014-02-15 00:17 - 2014-02-15 00:17 - 00000000 ____D () C:\Users\Li\AppData\Roaming\17173
2014-02-13 20:08 - 2014-01-22 16:04 - 05267776 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2014-02-13 20:08 - 2005-01-02 20:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\npptNT2.sys
2014-02-13 20:08 - 2003-07-19 05:17 - 00005174 _____ () C:\WINDOWS\SysWOW64\nppt9x.vxd
2014-02-13 07:13 - 2014-02-01 17:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-13 07:13 - 2014-02-01 17:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-13 07:13 - 2014-02-01 17:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-13 07:13 - 2014-02-01 17:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-13 07:13 - 2014-02-01 17:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-13 07:13 - 2014-02-01 17:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-13 07:13 - 2014-02-01 15:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-13 07:13 - 2014-02-01 15:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-13 07:13 - 2014-02-01 15:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-13 07:13 - 2014-02-01 15:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-13 07:13 - 2014-02-01 15:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-13 07:13 - 2014-02-01 15:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-13 07:13 - 2014-02-01 13:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-13 07:13 - 2013-12-09 08:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-13 07:13 - 2013-12-09 07:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-13 07:13 - 2013-12-05 07:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-13 07:13 - 2013-12-05 07:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-13 07:13 - 2013-11-27 08:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-13 07:13 - 2013-11-26 07:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-13 07:13 - 2013-11-01 13:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-13 07:12 - 2014-02-01 17:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-13 07:12 - 2014-02-01 17:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-13 07:12 - 2014-02-01 15:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-13 07:12 - 2014-02-01 15:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-13 07:12 - 2014-02-01 15:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-13 07:12 - 2014-02-01 15:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-13 07:12 - 2014-01-13 07:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-13 07:12 - 2014-01-13 07:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-13 07:12 - 2013-11-20 08:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-13 07:12 - 2013-11-20 07:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-04 14:56 - 2014-02-04 14:56 - 00046136 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-01-30 12:56 - 2014-01-30 13:23 - 00000396 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 12:56 - 2014-01-30 13:23 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-01-25 21:48 - 2014-01-25 21:48 - 00000000 ____D () C:\Users\Li\Desktop\Internet Download Manager
==================== One Month Modified Files and Folders =======
2014-02-21 20:51 - 2014-02-21 20:22 - 00000000 ____D () C:\FRST
2014-02-21 20:50 - 2013-07-13 09:14 - 00000000 ____D () C:\Users\Li\AppData\Roaming\Skype
2014-02-21 20:49 - 2013-07-27 09:09 - 00000000 ____D () C:\Users\Li\AppData\Roaming\uTorrent
2014-02-21 20:32 - 2013-05-16 21:10 - 01379678 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-21 20:21 - 2013-05-16 22:28 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:00 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-21 19:51 - 2013-05-16 22:20 - 00000000 ___RD () C:\Users\Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 19:42 - 2013-09-21 13:17 - 00000000 ____D () C:\Users\Li\AppData\Local\LogMeIn Hamachi
2014-02-21 19:40 - 2014-02-19 18:47 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-02-21 19:39 - 2014-02-15 15:33 - 00000344 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-02-21 19:39 - 2013-05-16 22:28 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 11:54 - 2012-07-26 15:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-21 10:28 - 2014-02-21 10:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-02-21 10:28 - 2014-02-21 10:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-02-21 10:28 - 2014-02-21 10:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-02-21 10:28 - 2013-05-16 22:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-21 10:28 - 2013-05-16 22:27 - 00000000 ____D () C:\Users\Li\AppData\Local\Google
2014-02-21 08:23 - 2013-05-16 22:34 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-19 22:28 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-19 20:15 - 2013-05-16 21:05 - 00000000 ____D () C:\Users\Li
2014-02-19 18:46 - 2014-02-19 18:46 - 00000000 ____D () C:\Users\Li\AppData\Roaming\Winamp
2014-02-18 18:46 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-18 06:03 - 2013-11-15 07:44 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-18 06:03 - 2013-11-15 07:44 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 17:30 - 2013-08-18 23:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-17 17:25 - 2013-07-09 15:22 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-17 03:14 - 2013-11-10 15:49 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-02-16 22:50 - 2012-07-26 15:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-16 22:49 - 2013-12-20 15:39 - 00323680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-16 22:49 - 2013-05-16 22:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-16 21:31 - 2013-09-15 16:04 - 00000000 ____D () C:\Users\Li\.gimp-2.8
2014-02-16 21:30 - 2014-02-16 21:30 - 00010390 _____ () C:\Users\Li\AppData\Local\recently-used.xbel
2014-02-16 21:30 - 2014-02-16 01:33 - 00000000 ____D () C:\Users\Li\AppData\Local\gtk-2.0
2014-02-16 10:32 - 2014-02-16 10:32 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-16 10:27 - 2013-05-16 21:02 - 00475024 _____ () C:\WINDOWS\PFRO.log
2014-02-15 22:39 - 2013-11-28 21:58 - 00000000 ____D () C:\Users\Li\Downloads\bns
2014-02-15 18:02 - 2013-05-16 22:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2135587215-3420276800-3718709344-1001
2014-02-15 16:16 - 2013-05-16 22:28 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 16:16 - 2013-05-16 22:28 - 00003638 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 15:34 - 2013-09-21 13:19 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2014-02-15 15:33 - 2014-02-15 15:33 - 00336424 _____ () C:\Users\Li\Downloads\MinecraftInstaller__2490_il133.exe
2014-02-15 15:33 - 2014-02-15 15:33 - 00003330 _____ () C:\WINDOWS\System32\Tasks\AmiUpdXp
2014-02-15 15:33 - 2013-09-21 13:19 - 00001995 _____ () C:\Users\Li\Desktop\Minecraft.lnk
2014-02-15 12:31 - 2014-02-15 00:36 - 00000040 _____ () C:\ProgramData\DT0001.dat
2014-02-15 11:54 - 2013-11-23 18:20 - 00159160 _____ (TENCENT) C:\WINDOWS\system32\TesSafe.sys
2014-02-15 11:03 - 2014-02-15 11:03 - 00001443 _____ () C:\Users\Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BnsUIPro.lnk
2014-02-15 00:20 - 2014-02-15 00:20 - 00000000 ____D () C:\ProgramData\Tencent
2014-02-15 00:17 - 2014-02-15 00:17 - 00000000 ____D () C:\Users\Li\AppData\Roaming\17173
2014-02-14 22:13 - 2012-07-26 13:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-04 14:56 - 2014-02-04 14:56 - 00046136 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-02-01 17:20 - 2014-02-13 07:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 17:19 - 2014-02-13 07:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 17:19 - 2014-02-13 07:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 17:19 - 2014-02-13 07:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 17:19 - 2014-02-13 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 17:18 - 2014-02-13 07:13 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 17:18 - 2014-02-13 07:12 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 17:18 - 2014-02-13 07:12 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 15:58 - 2014-02-13 07:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 15:58 - 2014-02-13 07:13 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 15:58 - 2014-02-13 07:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 15:57 - 2014-02-13 07:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 15:57 - 2014-02-13 07:12 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 15:57 - 2014-02-13 07:12 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 15:57 - 2014-02-13 07:12 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 15:57 - 2014-02-13 07:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 15:40 - 2014-02-13 07:13 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 15:34 - 2014-02-13 07:13 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 13:08 - 2014-02-13 07:13 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 13:23 - 2014-01-30 12:56 - 00000396 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 13:23 - 2014-01-30 12:56 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-01-30 12:56 - 2013-12-10 22:57 - 00000235 _____ () C:\extensions.ini
2014-01-30 12:56 - 2012-07-26 16:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-01-28 16:45 - 2013-05-16 22:19 - 00000000 ____D () C:\Users\Li\AppData\Local\VirtualStore
2014-01-25 21:48 - 2014-01-25 21:48 - 00000000 ____D () C:\Users\Li\Desktop\Internet Download Manager
2014-01-25 21:47 - 2012-07-26 15:21 - 00026492 _____ () C:\WINDOWS\setupact.log
2014-01-23 18:13 - 2013-11-07 20:57 - 00000000 ____D () C:\Users\Li\AppData\Roaming\Arc
2014-01-22 16:04 - 2014-02-13 20:08 - 05267776 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
Files to move or delete:
====================
C:\ProgramData\DT0001.dat
Some content of TEMP:
====================
C:\Users\Li\AppData\Local\Temp\A25D_minecraftsetup.exe
C:\Users\Li\AppData\Local\Temp\air3371.exe
C:\Users\Li\AppData\Local\Temp\airA25E.exe
C:\Users\Li\AppData\Local\Temp\airD7F5.exe
C:\Users\Li\AppData\Local\Temp\FastDownload.exe
C:\Users\Li\AppData\Local\Temp\FH1AF3.tmp.exe
C:\Users\Li\AppData\Local\Temp\FHBE48.tmp.exe
C:\Users\Li\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Li\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Li\AppData\Local\Temp\Offercast2802_MYC_.exe
C:\Users\Li\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\Li\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-17 17:25
==================== End Of Log ============================