Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
Ran by Gigi (administrator) on GIGI-PC (11-09-2015 17:49:09)
Running from C:\Users\Gigi\Downloads
Loaded Profiles: Gigi (Available Profiles: Gigi)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\RsMgrSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\Fast Boot\FastBootAgent.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ETRWTER) C:\Program Files\fr\fr.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\popwndexe.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\rstray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\ravmond.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2009-04-10] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2015-07-15] (Kaspersky Lab ZAO)
HKLM\...\Run: [fr] => C:\Program Files\fr\fr.exe [262144 2015-08-11] (ETRWTER)
HKLM\...\Run: [RSDTRAY] => C:\Program Files\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM\...\Run: [RavTRAY] => C:\Program Files\Rising\RAV\rstray.exe [111000 2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2015-07-13]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
BootExecute: autocheck autochk * bsmain

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{39A2655E-618D-4F07-A3CD-3B52D3BCD391}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{39A2655E-618D-4F07-A3CD-3B52D3BCD391}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F9499AF4-EE1B-47BC-A0CA-326BE525D136}: [NameServer] 52.17.204.69,8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-07-15] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-07-15] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2015-07-15] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2015-07-15] (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default
FF Homepage: hxxps://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-446619337-4208120879-3162927107-1001: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-446619337-4208120879-3162927107-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gigi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Extension: jid1P34HaABBBpOerQjetpack - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\jid1-P34HaABBBpOerQ@jetpack [2015-09-11]
FF Extension: uBlock Origin - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\uBlock0@raymondhill.net.xpi [2015-07-15]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-07-15]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-07-15]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-07-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-08-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh

Opera:
=======
OPR Extension: (SavePass 1.1) - C:\Users\Gigi\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-08-17]
OPR Extension: (iWebar) - C:\Users\Gigi\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-08-17]
OPR Extension: (Object Browser) - C:\Users\Gigi\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [2015-08-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-16] (ASUS)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2015-07-15] (Kaspersky Lab ZAO)
R2 FastBootAgent; C:\Windows\system32\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [196288 2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2015-07-25] (DT Soft Ltd)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [32568 2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
R1 kguard; C:\Windows\System32\DRIVERS\kguard.sys [77080 2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2015-07-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2015-07-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2015-07-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2015-07-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2015-07-15] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2015-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-07-15] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2015-07-13] (ASUS)
R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-28] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [83384 2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [157808 2015-09-11] (Beijing Rising Information Technology Co., Ltd.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2015-07-15] (Kaspersky Lab ZAO)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 17:46 - 2015-09-11 17:46 - 00000000 ____D C:\Users\Gigi\Downloads\FRST-OlderVersion
2015-09-11 17:22 - 2015-09-11 17:22 - 00030376 _____ C:\Users\Gigi\Desktop\AdwCleaner[C1].txt
2015-09-11 17:17 - 2015-09-11 17:17 - 00031189 _____ C:\Users\Gigi\Desktop\AdwCleaner[S1].txt
2015-09-11 16:57 - 2015-09-11 17:17 - 00000000 ____D C:\AdwCleaner
2015-09-11 16:56 - 2015-09-11 16:57 - 01660416 _____ C:\Users\Gigi\Downloads\AdwCleaner.exe
2015-09-11 16:52 - 2015-09-11 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-08-21 21:30 - 2015-08-21 21:30 - 00370943 _____ C:\Users\Gigi\Downloads\gmer.zip
2015-08-21 21:30 - 2015-08-21 21:30 - 00000000 ____D C:\Users\Gigi\Downloads\gmer
2015-08-21 21:26 - 2015-09-11 17:13 - 00000000 ___RD C:\RavBin
2015-08-21 21:26 - 2015-08-21 21:24 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\vpatch.dll
2015-08-21 21:25 - 2015-08-21 21:25 - 00027624 _____ C:\Users\Gigi\Downloads\Shortcut.txt
2015-08-21 21:25 - 2015-08-21 21:25 - 00000122 _____ C:\Windows\system32\BsMain.ini
2015-08-21 21:25 - 2015-08-21 21:14 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext.dll
2015-08-21 21:25 - 2015-08-21 21:12 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\bsmain.exe
2015-08-21 21:25 - 2015-08-21 21:12 - 00032568 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-21 21:22 - 2015-08-21 21:25 - 00040386 _____ C:\Users\Gigi\Downloads\Addition.txt
2015-08-21 21:20 - 2015-09-11 17:49 - 00013189 _____ C:\Users\Gigi\Downloads\FRST.txt
2015-08-21 21:18 - 2015-09-11 17:49 - 00000000 ____D C:\FRST
2015-08-21 21:17 - 2015-09-11 17:46 - 01692672 _____ (Farbar) C:\Users\Gigi\Downloads\FRST.exe
2015-08-21 20:23 - 2015-08-21 20:23 - 00000948 _____ C:\Users\Gigi\Desktop\firefox — skrót.lnk
2015-08-21 19:20 - 2015-08-21 19:20 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\ppslog
2015-08-21 19:20 - 2015-08-21 19:20 - 00000000 ____D C:\Users\Gigi\.android
2015-08-21 19:09 - 2015-08-21 19:09 - 00000073 _____ C:\Windows\wininit.ini
2015-08-21 19:04 - 2015-08-21 19:04 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-21 19:04 - 2015-08-21 19:04 - 00000000 ____D C:\Program Files\CCleaner
2015-08-21 19:03 - 2015-08-21 19:03 - 06609608 _____ (Piriform Ltd) C:\Users\Gigi\Downloads\ccsetup508.exe
2015-08-21 19:01 - 2015-08-21 19:02 - 00865000 _____ (Application Installer generic ) C:\Users\Gigi\Downloads\CCleaner-13061-dp.exe
2015-08-21 18:38 - 2015-08-21 18:38 - 00613255 _____ (CMI Limited) C:\Users\Gigi\AppData\Local\nss99B9.tmp
2015-08-21 18:38 - 2015-08-21 18:38 - 00000000 ____D C:\Users\Gigi\AppData\Local\Unity
2015-08-21 18:37 - 2015-08-21 18:37 - 00000000 ____D C:\Users\Public\QiYi
2015-08-21 18:35 - 2015-09-11 16:52 - 00000000 ____D C:\Program Files\baidu
2015-08-21 18:33 - 2015-08-21 18:33 - 00000000 ____D C:\Program Files\Common Files\brmpckpp
2015-08-21 18:27 - 2015-09-11 16:48 - 00000000 ____D C:\ProgramData\update
2015-08-17 17:35 - 2015-08-17 17:35 - 00262144 _____ C:\Windows\system32\config\elam
2015-08-17 17:30 - 2015-08-17 17:30 - 00001428 _____ C:\Users\Gigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-17 17:25 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\gmsd_pl_005010062
2015-08-17 17:24 - 2015-08-17 17:24 - 00298118 __RSH C:\WHRZJ
2015-08-17 17:24 - 2015-08-17 17:24 - 00000000 _____ C:\Windows\prleth.sys
2015-08-17 17:24 - 2015-08-17 17:24 - 00000000 _____ C:\Windows\hgfs.sys
2015-08-17 17:23 - 2015-08-17 17:23 - 00000217 _____ C:\task.vbs
2015-08-17 17:18 - 2015-08-17 17:18 - 00000000 ____D C:\Users\Gigi\Documents\ËŃşüÓ°Ňô
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Users\Gigi\AppData\Local\Temp尰
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Users\Gigi\AppData\Local\CrashRpt
2015-08-17 17:16 - 2015-09-11 16:48 - 00157808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-17 17:16 - 2015-08-21 18:36 - 00083384 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-17 17:16 - 2015-08-21 18:36 - 00077080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\kguard.sys
2015-08-17 17:16 - 2015-08-17 17:16 - 00000132 __RSH C:\rising.ini
2015-08-17 17:16 - 2012-02-29 09:49 - 00010808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-17 17:15 - 2015-09-11 17:18 - 00000000 ____D C:\ProgramData\Rising
2015-08-17 17:15 - 2015-08-21 19:08 - 00000000 ____D C:\Program Files\fr
2015-08-17 17:15 - 2015-08-17 17:16 - 00000000 ____D C:\Program Files\Rising
2015-08-17 17:15 - 2014-05-28 09:37 - 00024120 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\protreg.sys
2015-08-17 17:14 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\ospd_us_013010062
2015-08-17 17:14 - 2015-08-17 17:14 - 00000187 _____ C:\Users\Gigi\AppData\Local\Highdom.exe.config
2015-08-17 17:13 - 2015-09-11 16:46 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-17 17:13 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-17 17:12 - 2015-08-17 17:12 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\Opera Software
2015-08-17 17:12 - 2015-08-17 17:12 - 00000000 ____D C:\Users\Gigi\AppData\Local\Opera Software
2015-08-17 17:11 - 2015-08-21 18:02 - 00000000 ____D C:\Program Files\Opera
2015-08-17 17:10 - 2015-08-17 17:20 - 00000000 ____D C:\Program Files\Windows 7 Activator
2015-08-17 16:36 - 2015-08-17 16:36 - 00000000 ____D C:\Users\Gigi\AppData\Local\CEF
2015-08-17 16:22 - 2015-08-17 16:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-17 16:22 - 2015-08-17 16:25 - 00000000 ____D C:\ProgramData\Adobe
2015-08-17 16:22 - 2015-08-17 16:22 - 00002024 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-08-17 16:22 - 2015-08-17 16:22 - 00000000 ____D C:\Program Files\Adobe
2015-08-13 18:16 - 2015-08-13 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 18:16 - 2015-08-13 18:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 18:11 - 2015-08-13 18:15 - 07018720 _____ (Microsoft Corporation) C:\Users\Gigi\Downloads\Silverlight.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 17:29 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 17:29 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 17:25 - 2015-07-13 20:17 - 00869782 _____ C:\Windows\WindowsUpdate.log
2015-09-11 17:23 - 2015-07-15 18:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-11 17:21 - 2010-11-20 23:48 - 00030256 _____ C:\Windows\PFRO.log
2015-09-11 17:21 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 17:21 - 2009-07-14 06:39 - 00027221 _____ C:\Windows\setupact.log
2015-09-11 16:53 - 2015-07-13 21:31 - 00687812 _____ C:\Windows\system32\perfh015.dat
2015-09-11 16:53 - 2015-07-13 21:31 - 00131366 _____ C:\Windows\system32\perfc015.dat
2015-09-11 16:53 - 2010-11-20 23:01 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 16:51 - 2015-07-13 21:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-22 10:37 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-21 20:41 - 2015-08-10 20:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-21 20:41 - 2015-07-13 20:51 - 00109216 _____ C:\Users\Gigi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-21 20:40 - 2009-07-14 06:33 - 00407824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-21 19:20 - 2015-07-14 05:32 - 00000000 ____D C:\Users\Gigi
2015-08-21 18:37 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-08-17 16:23 - 2015-07-15 20:27 - 00000000 ____D C:\Users\Gigi\AppData\Local\Adobe
2015-08-17 16:23 - 2015-07-13 21:23 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\Adobe
2015-08-17 16:22 - 2015-07-22 21:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-14 11:27 - 2015-07-13 21:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-13 19:53 - 2015-07-13 21:23 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-13 19:53 - 2015-07-13 21:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-08-17 17:14 - 2015-08-17 17:14 - 0000187 _____ () C:\Users\Gigi\AppData\Local\Highdom.exe.config
2015-08-21 18:38 - 2015-08-21 18:38 - 0613255 _____ (CMI Limited) C:\Users\Gigi\AppData\Local\nss99B9.tmp

Some files in TEMP:
====================
C:\Users\Gigi\AppData\Local\Temp\1078.exe
C:\Users\Gigi\AppData\Local\Temp\1620.exe
C:\Users\Gigi\AppData\Local\Temp\293.exe
C:\Users\Gigi\AppData\Local\Temp\360Inst_sohuyy.exe
C:\Users\Gigi\AppData\Local\Temp\4494.exe
C:\Users\Gigi\AppData\Local\Temp\740.exe
C:\Users\Gigi\AppData\Local\Temp\genteert.dll
C:\Users\Gigi\AppData\Local\Temp\InstHelper.exe
C:\Users\Gigi\AppData\Local\Temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Users\Gigi\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72488_Silence.exe
C:\Users\Gigi\AppData\Local\Temp\qqpcmgr_v10.8.16208.227_71917_Silence.exe
C:\Users\Gigi\AppData\Local\Temp\setup3.exe
C:\Users\Gigi\AppData\Local\Temp\sqlite3.dll
C:\Users\Gigi\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 20:14

==================== End of FRST.txt ============================