
Need help from Taiwan pc user with gameharbor virus!



#1 ericneo


Posted 16 September 2014 - 04:00 AM

It seems the SIM 4 GAME installation got this for me. I downloaded it from the 3DGAME WEBSITE, and then after I reboot, my notebook always shows up the GAMEHARBOR WEB from Internet Explorer. Here are my FRST scan results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Neo (administrator) on 4820TG on 16-09-2014 16:51:04
Running from C:\Users\Neo\Desktop\FRST 64
Platform: Windows 8.1 Enterprise (X64) OS Language: 中文 (繁體,台灣)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(SoftPerfect Research) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Spotify Ltd) C:\Users\Neo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Neo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6553808 2014-06-24] (SoftPerfect Research)
HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [3554512 2014-02-09] (SoftPerfect Research)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-29] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9957168 2014-08-28] ()
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [Google Update] => C:\Users\Neo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-13] (Google Inc.)
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [Spotify Web Helper] => C:\Users\Neo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-18] (Spotify Ltd)
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [AF6DDC2D0DAE0F03533EC896BF6847672AD81B5B._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [912200 2014-09-04] (Google Inc.)
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Policies\Explorer: []
Startup: C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Neo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\傳送至 OneNote.lnk
ShortcutTarget: 傳送至 OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.tw.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-TW
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9839B80665D1CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tw.yahoo.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://114.34.194.119/DVRemoteAx.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 168.95.1.1

FireFox:
========
FF ProfilePath: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default
FF Homepage: hxxp://tw.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/UploadPlugin -> C:\Users\Neo\AppData\Roaming\baidu\Baidu Uploader\npUploader.dll No File
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Neo\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @qvod.com/QvodInsert -> D:\GreenSoftware\QvodPlayer5.17.160\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @xfplay.com/xfplay -> C:\Program Files (x86)\xfplay\npxfweb.dll (http://www.xfplay.com)
FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\npxgax.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Neo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Neo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Neo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Neo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Neo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Neo\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findbook-zh-TW.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-zh-TW.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-answer-zh-TW.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-bid-zh-TW.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-zh-TW.xml
FF Extension: Firefox Homepage - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\twhomepage@mozillaonline.com [2014-05-23]
FF Extension: Easy Screenshot - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2014-05-23]
FF Extension: Font Setter - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\fontsetter@mozillaonline.com.xpi [2014-05-23]
FF Extension: Improvements for Firefox - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\fx-improvement@mozillaonline.com.xpi [2014-05-23]
FF Extension: Easy Access - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\quicklaunch@mozillaonline.com.xpi [2014-05-23]
FF Extension: Tab Improvement Lite - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\tabimprovelite@mozillaonline.com.xpi [2014-05-23]
FF Extension: Addons Manager - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\znwl8nn3.default\Extensions\tpmanager@mozillaonline.com.xpi [2014-05-23]
FF Extension: AddonInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addoninstaller@mozillaonline.com [2014-05-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-16]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com.tw/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.com.tw____
CHR DefaultSearchProvider: Default -> Google 搜尋
CHR DefaultSearchURL: Default -> http://www.google.com.tw/search?hl=zh-TW&safe=off&q={searchTerms}&meta=&aq=f&oq=
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 文件) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google 雲端硬碟) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Facebook) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-05-12]
CHR Extension: (Google 搜尋) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Chrome 遠端桌面) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-06-03]
CHR Extension: (Google Mail Checker) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-12]
CHR Extension: (Google 電子錢包) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (為什麼你們就是不能加個空格呢?) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\paphcfdffjnbcgkokihcdjliihicmbpd [2014-05-12]
CHR Extension: (Unblock Youku) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-05-12]
CHR Extension: (Gmail) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR Extension: (日本動畫新番) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgbnooaeblfcfbjnaebghpiceobajdp [2014-05-12]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-21]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-21]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-21] (Kaspersky Lab ZAO)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-05-29] (Macrovision Europe Ltd.) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458024 2013-10-16] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [447272 2013-10-16] (Acer Incorporate)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1068224 2014-02-03] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-13] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-13] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-05-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-21] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-13] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-21] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-13] (Kaspersky Lab ZAO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R1 networx; C:\Windows\System32\drivers\networx.sys [59384 2014-05-09] (NetFilterSDK.com)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-08-01] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-13] (Synaptics Incorporated)
R1 SPVDPort; C:\Windows\System32\drivers\spvdbus.sys [92152 2014-02-03] ()
R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [339960 2014-02-03] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 HSPADataCardusbmdm; \SystemRoot\system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; \SystemRoot\system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; \SystemRoot\system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 WinDivert1.1; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 16:18 - 2014-09-16 16:51 - 00000000 ____D () C:\Users\Neo\Desktop\FRST 64
2014-09-16 16:10 - 2014-09-12 20:03 - 00000000 ____D () C:\Users\Neo\Desktop\SASPortable
2014-09-16 14:16 - 2014-09-16 14:16 - 02679129 _____ () C:\Users\Neo\Desktop\SASPortable_6.0.1146_azo.exe
2014-09-16 13:57 - 2014-09-16 13:57 - 05504352 _____ () C:\Users\Neo\Desktop\BaiduMusic_7.1.0_azo.exe
2014-09-16 13:55 - 2014-09-16 13:55 - 03710740 _____ () C:\Users\Neo\Desktop\RogueKillerPortable_9.2.10_azo.exe
2014-09-16 13:55 - 2014-09-16 13:55 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-16 13:55 - 2014-09-16 13:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 13:55 - 2014-09-09 21:12 - 00000000 ____D () C:\Users\Neo\Desktop\RogueKillerPortable
2014-09-16 13:49 - 2014-09-16 13:49 - 00001134 _____ () C:\Windows\PFRO.log
2014-09-16 09:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-16 09:26 - 2014-09-16 11:45 - 00000000 ____D () C:\AdwCleaner
2014-09-16 09:26 - 2014-09-16 09:26 - 01373475 _____ () C:\Users\Neo\Desktop\adwcleaner_3.310.exe
2014-09-16 01:22 - 2014-09-16 16:51 - 00000000 ____D () C:\FRST
2014-09-16 01:22 - 2014-09-16 01:22 - 02347384 _____ (ESET) C:\Users\Neo\Desktop\esetsmartinstaller_enu.exe
2014-09-15 21:16 - 2014-09-16 16:44 - 00498262 _____ () C:\Windows\system32\perfh011.dat
2014-09-15 21:16 - 2014-09-16 16:44 - 00136066 _____ () C:\Windows\system32\perfc011.dat
2014-09-15 21:16 - 2014-09-14 21:14 - 00144476 _____ () C:\Windows\system32\perfi011.dat
2014-09-15 21:16 - 2014-09-14 21:14 - 00033362 _____ () C:\Windows\system32\perfd011.dat
2014-09-15 21:16 - 2014-09-03 04:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 21:16 - 2014-09-03 04:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 23:11 - 2014-09-14 23:11 - 00000000 ____D () C:\Windows\SysWOW64\ja
2014-09-14 23:11 - 2014-09-14 23:11 - 00000000 ____D () C:\Windows\system32\ja
2014-09-14 21:09 - 2013-08-21 22:15 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2014-09-14 21:08 - 2013-08-22 05:30 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2014-09-14 20:52 - 2014-08-16 10:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 20:52 - 2014-08-16 10:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 20:52 - 2014-08-16 10:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 20:52 - 2014-08-16 10:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 20:52 - 2014-08-16 09:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 20:52 - 2014-08-16 09:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 20:52 - 2014-08-16 09:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 20:52 - 2014-08-16 09:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 20:52 - 2014-08-16 09:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 20:52 - 2014-08-16 09:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 20:52 - 2014-08-16 09:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 20:52 - 2014-08-16 09:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 20:52 - 2014-08-16 09:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 20:52 - 2014-08-16 09:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 20:52 - 2014-08-16 09:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 20:52 - 2014-08-16 09:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 20:52 - 2014-08-16 09:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 20:52 - 2014-08-16 09:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 20:52 - 2014-08-16 09:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 20:52 - 2014-08-16 09:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 20:52 - 2014-08-16 09:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 20:52 - 2014-08-16 08:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 20:52 - 2014-08-16 08:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 20:52 - 2014-08-16 08:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 20:52 - 2014-08-16 08:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 20:52 - 2014-08-16 08:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 20:52 - 2014-08-16 08:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 20:52 - 2014-08-16 08:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 20:52 - 2014-08-16 08:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 20:52 - 2014-08-16 08:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 20:52 - 2014-08-16 08:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 20:52 - 2014-08-16 08:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 20:52 - 2014-08-16 08:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 20:52 - 2014-08-16 08:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 20:52 - 2014-08-16 08:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-14 20:47 - 2014-08-23 15:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-14 20:47 - 2014-08-23 15:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-14 20:47 - 2014-08-23 14:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-14 20:47 - 2014-08-23 13:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-14 20:47 - 2014-08-23 12:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-14 20:47 - 2014-08-23 12:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-14 20:47 - 2014-08-23 12:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-14 20:47 - 2014-08-23 12:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-14 20:47 - 2014-08-23 12:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-14 20:47 - 2014-07-30 09:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-14 20:47 - 2014-07-29 13:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-14 20:46 - 2014-07-24 23:28 - 00468288 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-14 20:46 - 2014-07-24 23:28 - 00419648 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-14 20:46 - 2014-07-24 23:28 - 00412992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-09-14 20:46 - 2014-07-24 23:28 - 00280384 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-09-14 20:46 - 2014-07-24 23:28 - 00143680 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-14 20:46 - 2014-07-24 23:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-14 20:46 - 2014-07-24 23:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-14 20:46 - 2014-07-24 23:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-09-14 20:46 - 2014-07-24 23:20 - 21266336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-14 20:46 - 2014-07-24 23:20 - 00645592 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-14 20:46 - 2014-07-24 23:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-09-14 20:46 - 2014-07-24 23:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-09-14 20:46 - 2014-07-24 23:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-09-14 20:46 - 2014-07-24 23:07 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-14 20:46 - 2014-07-24 23:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-14 20:46 - 2014-07-24 23:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-09-14 20:46 - 2014-07-24 23:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-09-14 20:46 - 2014-07-24 23:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-09-14 20:46 - 2014-07-24 23:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-09-14 20:46 - 2014-07-24 23:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-14 20:46 - 2014-07-24 23:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-09-14 20:46 - 2014-07-24 23:03 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-09-14 20:46 - 2014-07-24 23:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-09-14 20:46 - 2014-07-24 23:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-09-14 20:46 - 2014-07-24 23:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-09-14 20:46 - 2014-07-24 22:57 - 02515264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-14 20:46 - 2014-07-24 22:57 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-14 20:46 - 2014-07-24 21:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-09-14 20:46 - 2014-07-24 21:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-09-14 20:46 - 2014-07-24 21:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-09-14 20:46 - 2014-07-24 21:46 - 18760328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-14 20:46 - 2014-07-24 21:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-14 20:46 - 2014-07-24 21:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-14 20:46 - 2014-07-24 21:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-09-14 20:46 - 2014-07-24 21:36 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-09-14 20:46 - 2014-07-24 21:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-09-14 20:46 - 2014-07-24 21:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-09-14 20:46 - 2014-07-24 19:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-09-14 20:46 - 2014-07-24 19:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-14 20:46 - 2014-07-24 19:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2014-09-14 20:46 - 2014-07-24 19:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-14 20:46 - 2014-07-24 19:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-14 20:46 - 2014-07-24 19:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-14 20:46 - 2014-07-24 19:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-14 20:46 - 2014-07-24 19:47 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-14 20:46 - 2014-07-24 19:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-09-14 20:46 - 2014-07-24 19:45 - 00076800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-14 20:46 - 2014-07-24 19:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-14 20:46 - 2014-07-24 19:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-14 20:46 - 2014-07-24 19:42 - 01200640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-09-14 20:46 - 2014-07-24 19:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-09-14 20:46 - 2014-07-24 19:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2014-09-14 20:46 - 2014-07-24 19:41 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2014-09-14 20:46 - 2014-07-24 19:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-09-14 20:46 - 2014-07-24 19:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-14 20:46 - 2014-07-24 19:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-14 20:46 - 2014-07-24 19:22 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2014-09-14 20:46 - 2014-07-24 19:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-09-14 20:46 - 2014-07-24 19:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-09-14 20:46 - 2014-07-24 19:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-14 20:46 - 2014-07-24 18:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-14 20:46 - 2014-07-24 18:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
2014-09-14 20:46 - 2014-07-24 18:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-14 20:46 - 2014-07-24 18:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-09-14 20:46 - 2014-07-24 18:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-14 20:46 - 2014-07-24 18:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-14 20:46 - 2014-07-24 18:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-14 20:46 - 2014-07-24 18:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-09-14 20:46 - 2014-07-24 18:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-14 20:46 - 2014-07-24 18:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-09-14 20:46 - 2014-07-24 18:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-09-14 20:46 - 2014-07-24 18:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-09-14 20:46 - 2014-07-24 18:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-09-14 20:46 - 2014-07-24 18:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-09-14 20:46 - 2014-07-24 18:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-14 20:46 - 2014-07-24 18:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-14 20:46 - 2014-07-24 18:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-09-14 20:46 - 2014-07-24 18:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-14 20:46 - 2014-07-24 18:06 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-09-14 20:46 - 2014-07-24 18:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-09-14 20:46 - 2014-07-24 17:58 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2014-09-14 20:46 - 2014-07-24 17:54 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2014-09-14 20:46 - 2014-07-24 17:53 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-09-14 20:46 - 2014-07-24 17:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-09-14 20:46 - 2014-07-24 17:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-14 20:46 - 2014-07-24 17:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-09-14 20:46 - 2014-07-24 17:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-09-14 20:46 - 2014-07-24 17:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-09-14 20:46 - 2014-07-24 17:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-09-14 20:46 - 2014-07-24 17:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-09-14 20:46 - 2014-07-24 17:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-14 20:46 - 2014-07-24 17:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-14 20:46 - 2014-07-24 17:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-09-14 20:46 - 2014-07-24 17:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-09-14 20:46 - 2014-07-24 17:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-09-14 20:46 - 2014-07-24 17:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-09-14 20:46 - 2014-07-24 17:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2014-09-14 20:46 - 2014-07-24 17:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 20:46 - 2014-07-24 17:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-09-14 20:46 - 2014-07-24 17:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-09-14 20:46 - 2014-07-24 17:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-09-14 20:46 - 2014-07-24 17:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-14 20:46 - 2014-07-24 17:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-09-14 20:46 - 2014-07-24 17:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-09-14 20:46 - 2014-07-24 17:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-14 20:46 - 2014-07-24 17:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-09-14 20:46 - 2014-07-24 17:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-09-14 20:46 - 2014-07-24 17:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-14 20:46 - 2014-07-24 17:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-14 20:46 - 2014-07-24 16:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2014-09-14 20:46 - 2014-07-24 16:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-09-14 20:46 - 2014-07-24 16:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-09-14 20:46 - 2014-07-24 16:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-14 20:46 - 2014-07-24 16:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-09-14 20:46 - 2014-07-24 16:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-09-14 20:46 - 2014-07-24 16:49 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-14 20:46 - 2014-07-24 16:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-09-14 20:46 - 2014-07-24 16:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-09-14 20:46 - 2014-07-24 16:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-09-14 20:46 - 2014-07-24 16:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-09-14 20:46 - 2014-07-24 16:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-09-14 20:46 - 2014-07-24 16:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2014-09-14 20:46 - 2014-07-24 16:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-09-14 20:46 - 2014-07-24 16:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-09-14 20:46 - 2014-07-24 16:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 20:46 - 2014-07-24 16:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-09-14 20:46 - 2014-07-24 16:27 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-14 20:46 - 2014-07-24 16:24 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 20:46 - 2014-07-24 16:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-09-14 20:46 - 2014-07-24 16:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-09-14 20:46 - 2014-07-24 16:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-09-14 20:46 - 2014-07-24 16:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-09-14 20:46 - 2014-07-24 16:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2014-09-14 20:46 - 2014-07-24 16:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-14 20:46 - 2014-07-24 16:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-09-14 20:46 - 2014-07-24 16:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-09-14 20:46 - 2014-07-24 16:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-14 20:46 - 2014-07-24 16:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-09-14 20:46 - 2014-07-24 16:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-09-14 20:46 - 2014-07-24 16:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-14 20:46 - 2014-07-24 16:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-09-14 20:46 - 2014-07-24 16:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-09-14 20:46 - 2014-07-24 16:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-09-14 20:46 - 2014-07-24 16:12 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 20:46 - 2014-07-24 16:10 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-14 20:46 - 2014-07-24 16:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-09-14 20:46 - 2014-07-24 16:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-14 20:46 - 2014-07-24 16:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-09-14 20:46 - 2014-07-24 16:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-09-14 20:46 - 2014-07-24 16:08 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-09-14 20:46 - 2014-07-24 16:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-14 20:46 - 2014-07-24 16:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-14 20:46 - 2014-07-24 16:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-09-14 20:46 - 2014-07-24 16:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-14 20:46 - 2014-07-24 16:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-14 20:46 - 2014-07-24 16:01 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-14 20:46 - 2014-07-24 16:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-14 20:46 - 2014-07-24 16:01 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-14 20:46 - 2014-07-24 16:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 20:46 - 2014-07-24 15:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-09-14 20:46 - 2014-07-24 15:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-09-14 20:46 - 2014-07-24 15:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-14 20:46 - 2014-07-24 15:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-09-14 20:46 - 2014-07-24 15:50 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-14 20:46 - 2014-07-24 15:49 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2014-09-14 20:46 - 2014-07-24 15:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-09-14 20:46 - 2014-07-24 15:46 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-14 20:46 - 2014-07-24 15:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-09-14 20:46 - 2014-07-24 15:43 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-09-14 20:46 - 2014-07-24 15:43 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-14 20:46 - 2014-07-24 15:43 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2014-09-14 20:46 - 2014-07-24 15:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-09-14 20:46 - 2014-07-24 15:39 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-14 20:46 - 2014-07-24 15:38 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-14 20:46 - 2014-07-24 15:38 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-14 20:46 - 2014-07-24 15:33 - 03360768 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-14 20:46 - 2014-07-24 15:30 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-14 20:46 - 2014-07-24 15:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-09-14 20:46 - 2014-07-24 12:11 - 00513544 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-14 20:46 - 2014-07-24 12:11 - 00513544 _____ () C:\Windows\system32\locale.nls
2014-09-14 20:46 - 2014-07-12 13:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2014-09-14 20:46 - 2014-07-12 13:23 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-09-14 20:46 - 2014-07-12 12:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2014-09-14 20:46 - 2014-07-12 12:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-09-14 20:46 - 2014-07-12 12:13 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-14 20:46 - 2014-07-10 07:19 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-14 20:46 - 2014-07-04 20:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-14 20:46 - 2014-07-04 18:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2014-09-14 20:46 - 2014-07-04 18:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-09-14 20:46 - 2014-07-04 18:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2014-09-14 20:46 - 2014-07-04 18:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-14 20:46 - 2014-07-04 17:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-09-14 20:46 - 2014-07-04 17:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-09-14 20:46 - 2014-06-27 14:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-14 20:46 - 2014-06-26 08:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-09-14 20:46 - 2014-06-26 08:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2014-09-14 20:46 - 2014-06-20 07:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-14 20:46 - 2014-06-19 10:13 - 00310080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-14 20:46 - 2014-06-14 14:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-14 20:46 - 2014-06-14 13:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-14 20:46 - 2014-06-07 20:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-14 20:46 - 2014-06-07 18:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-14 20:46 - 2014-06-05 22:00 - 01118040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-14 20:46 - 2014-06-05 18:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-09-14 20:46 - 2014-06-05 17:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-09-14 20:46 - 2014-05-31 13:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2014-09-14 20:46 - 2014-05-31 12:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2014-09-14 20:46 - 2014-05-29 14:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-09-14 20:46 - 2014-05-29 13:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-09-14 20:46 - 2014-05-29 13:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-14 20:46 - 2014-05-29 12:36 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-14 20:46 - 2014-05-26 15:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-09-14 20:46 - 2014-05-10 18:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-09-14 20:46 - 2014-05-10 16:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-09-14 20:46 - 2014-05-06 12:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-09-14 20:46 - 2014-05-06 08:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-09-14 20:46 - 2014-03-25 10:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-09-14 20:46 - 2014-03-25 10:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-09-14 20:46 - 2014-03-25 09:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-09-14 20:46 - 2014-03-25 09:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-09-14 20:44 - 2014-09-14 20:45 - 67885015 _____ () C:\Users\Neo\Desktop\放到Mods資料夾裡面.rar
2014-09-14 20:44 - 2014-09-14 20:44 - 02624583 _____ () C:\Users\Neo\Desktop\放到Trays資料夾裡面.rar
2014-09-14 20:42 - 2014-09-14 20:42 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 20:40 - 2014-08-15 08:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-14 20:36 - 2014-08-02 08:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-14 20:36 - 2014-07-24 11:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-14 20:36 - 2014-07-24 11:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-08 11:44 - 2014-09-08 11:45 - 00000000 ____D () C:\Users\Neo\Desktop\看門狗存檔
2014-09-07 17:47 - 2014-09-07 17:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-07 17:47 - 2014-09-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-07 17:07 - 2014-09-07 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-07 16:58 - 2014-09-07 17:07 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-07 16:40 - 2014-09-07 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-07 10:56 - 2014-09-07 12:36 - 00000000 ____D () C:\Users\Neo\Desktop\WinRAR v5.11 (32 64位元)簡繁體中文+英文 正式註冊版
2014-09-06 21:18 - 2014-09-06 08:14 - 01692787 _____ () C:\Users\Neo\Desktop\總局.xml
2014-09-05 10:48 - 2014-09-05 10:48 - 00000000 ____D () C:\Users\Neo\Desktop\Nude Photos Of Jennifer Lawrence And Kate Upton Leaked
2014-09-04 15:06 - 2014-09-04 15:07 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-09-04 15:06 - 2014-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-08-30 02:35 - 2014-08-30 02:35 - 00000719 _____ () C:\Users\Public\Desktop\流亡黯道.lnk
2014-08-30 01:59 - 2014-09-16 13:46 - 00000000 ____D () C:\GarenaDownload
2014-08-30 00:29 - 2014-08-30 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-30 00:29 - 2014-08-30 00:29 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-08-29 16:59 - 2014-09-16 16:50 - 00000000 ___RD () C:\Users\Neo\Dropbox
2014-08-29 08:23 - 2014-08-23 08:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 21:21 - 2014-08-26 21:39 - 00000000 ____D () C:\Users\Neo\Desktop\APK TW下載
2014-08-20 14:43 - 2014-08-20 14:43 - 00000024 _____ () C:\Users\Neo\Desktop\userStartup.cheat
2014-08-17 20:24 - 2014-09-07 12:23 - 00000000 ____D () C:\Users\Neo\Documents\Electronic Arts
2014-08-17 20:20 - 2014-09-03 18:24 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 16:51 - 2014-09-16 16:18 - 00000000 ____D () C:\Users\Neo\Desktop\FRST 64
2014-09-16 16:51 - 2014-09-16 01:22 - 00000000 ____D () C:\FRST
2014-09-16 16:51 - 2014-06-11 14:28 - 00000000 ____D () C:\User Temp
2014-09-16 16:50 - 2014-08-29 16:59 - 00000000 ___RD () C:\Users\Neo\Dropbox
2014-09-16 16:50 - 2014-08-01 14:42 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\Dropbox
2014-09-16 16:50 - 2014-06-11 14:58 - 00000000 ____D () C:\System Temp
2014-09-16 16:50 - 2014-05-13 22:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-16 16:50 - 2014-05-12 21:17 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Neo
2014-09-16 16:50 - 2014-05-12 12:28 - 00000546 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 16:50 - 2014-05-12 11:28 - 01426432 ___SH () C:\Users\Neo\Desktop\Thumbs.db
2014-09-16 16:49 - 2013-08-22 22:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 16:49 - 2013-08-22 21:25 - 04718592 ___SH () C:\Windows\system32\config\BBI
2014-09-16 16:45 - 2014-05-12 11:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-617504413-2862489795-1996612863-1001
2014-09-16 16:44 - 2014-09-15 21:16 - 00498262 _____ () C:\Windows\system32\perfh011.dat
2014-09-16 16:44 - 2014-09-15 21:16 - 00136066 _____ () C:\Windows\system32\perfc011.dat
2014-09-16 16:44 - 2014-03-07 21:44 - 02087134 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 16:44 - 2013-09-30 11:56 - 00450910 _____ () C:\Windows\system32\prfh0404.dat
2014-09-16 16:44 - 2013-09-30 11:56 - 00136066 _____ () C:\Windows\system32\prfc0404.dat
2014-09-16 16:33 - 2014-05-12 12:28 - 00000550 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 16:17 - 2014-05-13 20:31 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617504413-2862489795-1996612863-1001UA.job
2014-09-16 16:00 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-16 15:52 - 2014-05-24 02:47 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 15:37 - 2014-05-12 11:13 - 00003864 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC6DFC6E-D145-4157-9138-9CA21640498A}
2014-09-16 14:16 - 2014-09-16 14:16 - 02679129 _____ () C:\Users\Neo\Desktop\SASPortable_6.0.1146_azo.exe
2014-09-16 14:14 - 2014-05-13 00:52 - 00000000 ___RD () C:\Users\Neo\Desktop\GAME
2014-09-16 13:57 - 2014-09-16 13:57 - 05504352 _____ () C:\Users\Neo\Desktop\BaiduMusic_7.1.0_azo.exe
2014-09-16 13:55 - 2014-09-16 13:55 - 03710740 _____ () C:\Users\Neo\Desktop\RogueKillerPortable_9.2.10_azo.exe
2014-09-16 13:55 - 2014-09-16 13:55 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-16 13:55 - 2014-09-16 13:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 13:49 - 2014-09-16 13:49 - 00001134 _____ () C:\Windows\PFRO.log
2014-09-16 13:48 - 2014-06-22 15:37 - 00000000 ____D () C:\Users\user01
2014-09-16 13:48 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-16 13:46 - 2014-08-30 01:59 - 00000000 ____D () C:\GarenaDownload
2014-09-16 12:02 - 2014-07-27 21:04 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\Free Download Manager
2014-09-16 11:45 - 2014-09-16 09:26 - 00000000 ____D () C:\AdwCleaner
2014-09-16 09:26 - 2014-09-16 09:26 - 01373475 _____ () C:\Users\Neo\Desktop\adwcleaner_3.310.exe
2014-09-16 07:31 - 2014-05-12 12:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 07:27 - 2014-05-12 12:16 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 05:42 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\rescache
2014-09-16 04:57 - 2013-08-22 23:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-16 01:22 - 2014-09-16 01:22 - 02347384 _____ (ESET) C:\Users\Neo\Desktop\esetsmartinstaller_enu.exe
2014-09-16 01:19 - 2013-08-22 22:44 - 00956024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 23:12 - 2013-09-30 11:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-14 23:12 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-14 23:12 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-14 23:12 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-14 23:12 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-14 23:12 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-14 23:12 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-14 23:12 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\servicing
2014-09-14 23:11 - 2014-09-14 23:11 - 00000000 ____D () C:\Windows\SysWOW64\ja
2014-09-14 23:11 - 2014-09-14 23:11 - 00000000 ____D () C:\Windows\system32\ja
2014-09-14 23:11 - 2014-05-12 10:56 - 00000000 ____D () C:\Users\Neo
2014-09-14 23:11 - 2013-10-23 17:22 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\system32\winrm
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\system32\WCN
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\system32\slmgr
2014-09-14 23:11 - 2013-09-30 11:56 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ___SD () C:\Windows\system32\dsc
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\Com
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\IME
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\Help
2014-09-14 23:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\FileManager
2014-09-14 23:11 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-09-14 23:11 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-14 23:11 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-09-14 23:11 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-14 23:11 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-14 21:14 - 2014-09-15 21:16 - 00144476 _____ () C:\Windows\system32\perfi011.dat
2014-09-14 21:14 - 2014-09-15 21:16 - 00033362 _____ () C:\Windows\system32\perfd011.dat
2014-09-14 20:55 - 2014-05-13 08:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-14 20:55 - 2014-05-13 08:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 20:52 - 2014-06-11 09:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 20:52 - 2014-06-11 09:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 20:52 - 2014-06-11 09:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 20:52 - 2014-06-11 09:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 20:52 - 2014-06-11 09:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 20:52 - 2014-05-24 02:47 - 00003414 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 20:52 - 2014-05-12 11:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 20:52 - 2014-05-12 11:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 20:45 - 2014-09-14 20:44 - 67885015 _____ () C:\Users\Neo\Desktop\放到Mods資料夾裡面.rar
2014-09-14 20:44 - 2014-09-14 20:44 - 02624583 _____ () C:\Users\Neo\Desktop\放到Trays資料夾裡面.rar
2014-09-14 20:42 - 2014-09-14 20:42 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 20:42 - 2014-09-14 20:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 20:03 - 2014-09-16 16:10 - 00000000 ____D () C:\Users\Neo\Desktop\SASPortable
2014-09-11 11:36 - 2014-05-12 12:29 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-09 21:12 - 2014-09-16 13:55 - 00000000 ____D () C:\Users\Neo\Desktop\RogueKillerPortable
2014-09-08 17:17 - 2014-05-13 20:31 - 00000862 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617504413-2862489795-1996612863-1001Core.job
2014-09-08 11:45 - 2014-09-08 11:44 - 00000000 ____D () C:\Users\Neo\Desktop\看門狗存檔
2014-09-07 21:11 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\BitComet
2014-09-07 17:48 - 2014-09-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-07 17:48 - 2014-06-11 11:43 - 00000000 ____D () C:\ProgramData\Origin
2014-09-07 17:47 - 2014-09-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-07 17:47 - 2014-06-11 11:43 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-07 17:07 - 2014-09-07 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-07 17:07 - 2014-09-07 16:58 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-07 16:40 - 2014-09-07 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-07 13:37 - 2014-05-12 21:30 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\GarenaPlus
2014-09-07 13:37 - 2014-05-12 21:11 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-09-07 13:37 - 2014-05-12 21:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-07 12:36 - 2014-09-07 10:56 - 00000000 ____D () C:\Users\Neo\Desktop\WinRAR v5.11 (32 64位元)簡繁體中文+英文 正式註冊版
2014-09-07 12:23 - 2014-08-17 20:24 - 00000000 ____D () C:\Users\Neo\Documents\Electronic Arts
2014-09-07 12:20 - 2014-05-12 10:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 12:19 - 2014-06-11 11:44 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-07 10:56 - 2014-05-12 12:29 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-07 10:56 - 2014-05-12 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-06 08:14 - 2014-09-06 21:18 - 01692787 _____ () C:\Users\Neo\Desktop\總局.xml
2014-09-06 02:42 - 2014-08-06 16:03 - 00000000 ____D () C:\Users\Neo\Desktop\Mariah Carey - Me. I Am Mariah...The Elusive Chanteuse (Deluxe Edition) [ChattChitto RG]
2014-09-05 10:48 - 2014-09-05 10:48 - 00000000 ____D () C:\Users\Neo\Desktop\Nude Photos Of Jennifer Lawrence And Kate Upton Leaked
2014-09-05 10:35 - 2014-05-16 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-05 10:35 - 2014-05-16 08:56 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\DVDVideoSoft
2014-09-05 10:35 - 2014-05-16 08:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-05 10:09 - 2014-05-13 10:09 - 00000000 ___RD () C:\Users\Neo\Desktop\程式區
2014-09-04 15:07 - 2014-09-04 15:06 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-09-04 15:06 - 2014-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-09-03 18:24 - 2014-08-17 20:20 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-03 04:06 - 2014-09-15 21:16 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-03 04:06 - 2014-09-15 21:16 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 08:08 - 2014-06-11 10:52 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-30 22:45 - 2014-05-13 12:17 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-08-30 22:45 - 2014-05-13 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-08-30 02:36 - 2014-06-15 22:26 - 00000000 ____D () C:\Users\Neo\Documents\My Games
2014-08-30 02:35 - 2014-08-30 02:35 - 00000719 _____ () C:\Users\Public\Desktop\流亡黯道.lnk
2014-08-30 02:35 - 2014-05-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-08-30 00:29 - 2014-08-30 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-30 00:29 - 2014-08-30 00:29 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-08-30 00:26 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\Logishrd
2014-08-30 00:20 - 2014-05-19 15:17 - 00000000 ____D () C:\ProgramData\Logishrd
2014-08-29 08:19 - 2014-05-12 21:16 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-08-27 17:19 - 2014-05-12 21:09 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-08-26 21:39 - 2014-08-26 21:21 - 00000000 ____D () C:\Users\Neo\Desktop\APK TW下載
2014-08-26 21:04 - 2014-05-19 15:18 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-08-23 15:48 - 2014-09-14 20:47 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-23 15:13 - 2014-09-14 20:47 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-23 14:10 - 2014-09-14 20:47 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-23 13:32 - 2014-09-14 20:47 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-23 12:44 - 2014-09-14 20:47 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-23 12:34 - 2014-09-14 20:47 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-23 12:33 - 2014-09-14 20:47 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-08-23 12:31 - 2014-09-14 20:47 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-23 12:20 - 2014-09-14 20:47 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-23 08:42 - 2014-08-29 08:23 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:43 - 2014-08-20 14:43 - 00000024 _____ () C:\Users\Neo\Desktop\userStartup.cheat
2014-08-17 17:12 - 2014-06-24 01:27 - 00001939 _____ () C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\360安全浏览器7.lnk
2014-08-17 17:12 - 2014-06-24 01:27 - 00000000 ____D () C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 04:51

==================== End Of Log ============================


 


 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 AM

Posted 16 September 2014 - 07:32 AM

Hi there,

does this fix resolve the problem?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 ericneo


Posted 16 September 2014 - 11:23 PM

It WORKED! GOD, thank you aharonov, you are my saviour!
Thank you!

And here is my Fixlog.txt. By the way, how did you know that "HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit" is a hidden website trace to the gameharbor website? Thanks anyway!

===========================================================================================
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Neo at 2014-09-17 12:13:31 Run:4
Running from C:\Users\Neo\Desktop\FRST 64
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-617504413-2862489795-1996612863-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************

HKU\S-1-5-21-617504413-2862489795-1996612863-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 884.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#4 aharonov


Posted 17 September 2014 - 05:44 AM

You're welcome.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov


Posted 19 September 2014 - 03:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



