Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Go.save Ad keeps coming back On Google Chrome


  • This topic is locked This topic is locked
24 replies to this topic

#1 suojun

suojun

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:19 PM

Posted 26 October 2014 - 01:02 AM

Hi,

I encountered with this Go.save adware and i cant remove it.

I have read this post: http://www.bleepingcomputer.com/forums/t/551998/go-save-adware-keeps-opening-in-chrome-extensions/

I am not sure if this applies to me.

To save some time, please find the attached files as required in that post. Hope someone can help me solve this. thanks!

 

Suo Jun

Attached Files


Edited by Chris Cosgrove, 26 October 2014 - 07:19 PM.
Moved to Virus, Trojan etc logs section of BC


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:19 AM

Posted 31 October 2014 - 01:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553356 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:02:19 AM

Posted 01 November 2014 - 05:30 AM

:welcome:

 

You  have a pretty heavily infected computer, read this please

https://herdprotect.com/inofacweso.exe-ff419fef16d177726dad129556c663494ad7d879.aspx

 

 

 

Download ComboFix from one of these locations:
 
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link  for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.
  •  
  • Double click on ComboFix.exe & follow the prompts.
  •  
     
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. 
  •  
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  •  
     
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
     
     

    RC1.png

     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    RC2-1.png

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #4 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 07:12 AM

    Hi, Thanks for your help!

    Please find attached Attached File  ComboFix.txt   188.93KB   3 downloads.

     

    Suo Jun



    #5 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:02:19 AM

    Posted 01 November 2014 - 07:24 AM

    Lets start from the beginning and give your system a good cleaning and then we can go from there

     

     

    You ran AdwCleaner, run it again, if you can I would prefer if you copied and pasted the logs we ask for into the thread in lieu of attaching them, I know CF was to long to post so thats fine

     

    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisment.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

  • mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #6 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 07:36 AM

    Adwcleaner log report:

    # AdwCleaner v4.002 - Report created 01/11/2014 at 23:31:17
    # DB v2014-10-26.6
    # Updated 27/10/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : SJ Tan - SJTAN-PC
    # Running from : C:\Users\SJ Tan\Desktop\adwcleaner_4.002.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\Public\Device
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v8.0.7601.18595
     
     
    -\\ Mozilla Firefox v
     
     
    -\\ Google Chrome v38.0.2125.111
     
     
    *************************
     
    AdwCleaner[R0].txt - [21776 octets] - [13/10/2013 15:41:32]
    AdwCleaner[R10].txt - [1659 octets] - [30/10/2014 00:46:10]
    AdwCleaner[R11].txt - [467 octets] - [30/10/2014 17:52:26]
    AdwCleaner[R12].txt - [1840 octets] - [30/10/2014 19:07:48]
    AdwCleaner[R13].txt - [3191 octets] - [01/11/2014 01:58:57]
    AdwCleaner[R14].txt - [12424 octets] - [01/11/2014 11:36:03]
    AdwCleaner[R15].txt - [2470 octets] - [01/11/2014 12:10:15]
    AdwCleaner[R16].txt - [6703 octets] - [01/11/2014 16:08:55]
    AdwCleaner[R17].txt - [2446 octets] - [01/11/2014 18:31:42]
    AdwCleaner[R18].txt - [2606 octets] - [01/11/2014 20:46:27]
    AdwCleaner[R19].txt - [2739 octets] - [01/11/2014 23:28:14]
    AdwCleaner[R1].txt - [1154 octets] - [13/10/2013 16:05:20]
    AdwCleaner[R2].txt - [10495 octets] - [19/09/2014 01:03:30]
    AdwCleaner[R3].txt - [1327 octets] - [19/09/2014 01:15:10]
    AdwCleaner[R4].txt - [11767 octets] - [26/10/2014 17:09:19]
    AdwCleaner[R5].txt - [10802 octets] - [29/10/2014 22:07:44]
    AdwCleaner[R6].txt - [1378 octets] - [29/10/2014 22:20:08]
    AdwCleaner[R7].txt - [1439 octets] - [29/10/2014 22:30:02]
    AdwCleaner[R8].txt - [1538 octets] - [29/10/2014 23:19:01]
    AdwCleaner[R9].txt - [1598 octets] - [30/10/2014 00:37:03]
    AdwCleaner[S0].txt - [20566 octets] - [13/10/2013 15:43:23]
    AdwCleaner[S10].txt - [597 octets] - [01/11/2014 18:36:45]
    AdwCleaner[S11].txt - [2115 octets] - [01/11/2014 23:31:17]
    AdwCleaner[S1].txt - [1218 octets] - [13/10/2013 16:06:31]
    AdwCleaner[S2].txt - [8335 octets] - [19/09/2014 01:04:45]
    AdwCleaner[S3].txt - [9637 octets] - [29/10/2014 22:14:04]
    AdwCleaner[S4].txt - [1715 octets] - [30/10/2014 00:59:03]
    AdwCleaner[S5].txt - [1896 octets] - [30/10/2014 19:11:54]
    AdwCleaner[S6].txt - [1799 octets] - [01/11/2014 02:02:38]
    AdwCleaner[S7].txt - [12678 octets] - [01/11/2014 11:36:31]
    AdwCleaner[S8].txt - [2529 octets] - [01/11/2014 12:26:04]
    AdwCleaner[S9].txt - [6372 octets] - [01/11/2014 16:24:01]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2717 octets] ##########


    #7 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 07:45 AM

    below is the JRT scan:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.5 (10.31.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by SJ Tan on 01-Nov-14 at 23:37:16.83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5cf7ae19-b0cc-4adb-af0b-2aab4f6587fc}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{cb6e2bb2-6ea6-4954-89c3-172ea7d39d4d}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\Windows\wininit.ini"
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01-Nov-14 at 23:41:27.21
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #8 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 07:54 AM

    This is awkward but i got to say, somehow go.save just vanished from my google chrome!

    I am still running the last scan that you requested. please wait for a while. Thanks again!



    #9 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:02:19 AM

    Posted 01 November 2014 - 08:02 AM

    Your doing great.  Just so you know I will be offline about noon today until late this evening


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #10 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 08:04 AM

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 01-Nov-14
    Scan Time: 11:47:56 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.11.01.03
    Rootkit Database: v2014.10.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: SJ Tan
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 363269
    Time Elapsed: 13 min, 53 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 20
    Trojan.Agent.EDPT, C:\Users\SJ Tan\AppData\Roaming\Akdiwyzu\maarofo.exe, 3800, , [b5e2c571fb81f1456b71ad1cb34e01ff]
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Rionroeg\uxteic.exe, 3824, , [4a4db08683f9a69066545a6522df2cd4]
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Ebnuqyby\govyte.exe, 3864, , [9007d462f5871d192e8b0ab5d829649c]
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Timiucny\hyelqy.exe, 3900, , [d4c36bcb6616e452aa2ec70211f0966a]
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Coytiti\orqeafl.exe, 3952, , [257245f1770558de4f6affc03bc6e21e]
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Puivboi\hyufunc.exe, 3960, , [16813204d5a70333e5d7417e48b9ed13]
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Xibiob\agannak.exe, 3988, , [eaad082edd9f53e311c78643e8195ca4]
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Vyviezt\ifadawg.exe, 3996, , [9106c4722b51cb6b865299307889c739]
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Beizuvux\azkuaqu.exe, 4064, , [c7d0fb3b90ec072ff6e2b415639e04fc]
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Saasroon\reatu.exe, 3016, , [692e360035472a0c37a18445e21f22de]
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Xoxeido\qiqua.exe, 3112, , [8017e94df48868cea1373b8e61a0f20e]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Woamiwim\vyictu.exe, 3192, , [a7f0f640c9b3280e351174e4659bb14f]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Mumuuvni\quxiyc.exe, 3252, , [0c8be6506a122f07b88e1d3b7d83fa06]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Vowuigu\qyagib.exe, 3208, , [d4c3270f1c602b0b9ea8a0b842beff01]
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Uvheqyy\zeyki.exe, 3180, , [01960a2c136983b3797c28319d63fa06]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Yzybylba\alaby.exe, 3216, , [7522280e4735b77f7dc9da7e60a0ee12]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Uxolohf\zeluo.exe, 3220, , [2d6a87afd5a7dc5ac08611474bb560a0]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Ynrobom\ywabom.exe, 3184, , [7324ce68aeceef478db991c748b850b0]
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Zehaeqr\puidu.exe, 3224, , [0097a195bfbd1c1a5aec96c2ea16bc44]
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Uteqxoo\ryaqu.exe, 3636, , [e0b78da98defcc6aa609508b0ef30ef2]
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 41
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, , [425554e2b0cc2511be955b6937cb6a96], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, , [425554e2b0cc2511be955b6937cb6a96], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, , [425554e2b0cc2511be955b6937cb6a96], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{14D59188-D041-0D39-9176-B5D0DD6DF6C0}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA677CC1-D6FA-4B55-825D-6C493F56ED84}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE575A61-09BD-4F3A-B8B5-B55B813B44EC}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA677CC1-D6FA-4B55-825D-6C493F56ED84}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE575A61-09BD-4F3A-B8B5-B55B813B44EC}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\14D59188-D041-0D39-9176-B5D0DD6DF6C0.Addr.1, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\14D59188-D041-0D39-9176-B5D0DD6DF6C0.Addr, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\14D59188-D041-0D39-9176-B5D0DD6DF6C0.Addr, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\14D59188-D041-0D39-9176-B5D0DD6DF6C0.Addr.1, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{14D59188-D041-0D39-9176-B5D0DD6DF6C0}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{14D59188-D041-0D39-9176-B5D0DD6DF6C0}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.SnavHttpProtocol.1, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.SnavHttpProtocol, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.SnavHttpProtocol, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.SnavHttpProtocol.1, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.JsObject.1, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.JsObject, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.JsObject, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AddressSearch.JsObject.1, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05}, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75}, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75}, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker.1, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker.1, , [5245ee480775b18541103b8940c2f808], 
    PUP.Optional.ZGameTB.A, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{573BF47C-2566-449D-BA1B-417D5D3FB9FD}, , [6c2be056f18b79bda6a601aaad55f40c], 
    PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\SW_Booster, , [e1b6cc6a28549f9727ed5c3a1fe545bb], 
    PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}, , [5641db5b9ae2cc6aa3264eee976c7f81], 
     
    Registry Values: 53
    Trojan.Agent.EDPT, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Letaafsozayh, "C:\Users\SJ Tan\AppData\Roaming\Akdiwyzu\maarofo.exe", , [b5e2c571fb81f1456b71ad1cb34e01ff]
    Trojan.Agent.EDPT, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Letaafsozayh, "C:\Users\SJ Tan\AppData\Roaming\Akdiwyzu\maarofo.exe", , [b5e2c571fb81f1456b71ad1cb34e01ff]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yddabeeckyb, "C:\Users\SJ Tan\AppData\Roaming\Rionroeg\uxteic.exe", , [4a4db08683f9a69066545a6522df2cd4]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yddabeeckyb, "C:\Users\SJ Tan\AppData\Roaming\Rionroeg\uxteic.exe", , [4a4db08683f9a69066545a6522df2cd4]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Kabapyygul, "C:\Users\SJ Tan\AppData\Roaming\Ebnuqyby\govyte.exe", , [9007d462f5871d192e8b0ab5d829649c]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Kabapyygul, "C:\Users\SJ Tan\AppData\Roaming\Ebnuqyby\govyte.exe", , [9007d462f5871d192e8b0ab5d829649c]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Xarivyenamuvakm, "C:\Users\SJ Tan\AppData\Roaming\Timiucny\hyelqy.exe", , [d4c36bcb6616e452aa2ec70211f0966a]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Xarivyenamuvakm, "C:\Users\SJ Tan\AppData\Roaming\Timiucny\hyelqy.exe", , [d4c36bcb6616e452aa2ec70211f0966a]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Qohoolk, "C:\Users\SJ Tan\AppData\Roaming\Coytiti\orqeafl.exe", , [257245f1770558de4f6affc03bc6e21e]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Qohoolk, "C:\Users\SJ Tan\AppData\Roaming\Coytiti\orqeafl.exe", , [257245f1770558de4f6affc03bc6e21e]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Voaqoszeegkipi, "C:\Users\SJ Tan\AppData\Roaming\Puivboi\hyufunc.exe", , [16813204d5a70333e5d7417e48b9ed13]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Voaqoszeegkipi, "C:\Users\SJ Tan\AppData\Roaming\Puivboi\hyufunc.exe", , [16813204d5a70333e5d7417e48b9ed13]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ucegyfxaosaf, "C:\Users\SJ Tan\AppData\Roaming\Xibiob\agannak.exe", , [eaad082edd9f53e311c78643e8195ca4]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ucegyfxaosaf, "C:\Users\SJ Tan\AppData\Roaming\Xibiob\agannak.exe", , [eaad082edd9f53e311c78643e8195ca4]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ebawfy, "C:\Users\SJ Tan\AppData\Roaming\Vyviezt\ifadawg.exe", , [9106c4722b51cb6b865299307889c739]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ebawfy, "C:\Users\SJ Tan\AppData\Roaming\Vyviezt\ifadawg.exe", , [9106c4722b51cb6b865299307889c739]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Uktyupen, "C:\Users\SJ Tan\AppData\Roaming\Beizuvux\azkuaqu.exe", , [c7d0fb3b90ec072ff6e2b415639e04fc]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Uktyupen, "C:\Users\SJ Tan\AppData\Roaming\Beizuvux\azkuaqu.exe", , [c7d0fb3b90ec072ff6e2b415639e04fc]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tiynl, "C:\Users\SJ Tan\AppData\Roaming\Saasroon\reatu.exe", , [692e360035472a0c37a18445e21f22de]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tiynl, "C:\Users\SJ Tan\AppData\Roaming\Saasroon\reatu.exe", , [692e360035472a0c37a18445e21f22de]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ufysewebk, "C:\Users\SJ Tan\AppData\Roaming\Xoxeido\qiqua.exe", , [8017e94df48868cea1373b8e61a0f20e]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ufysewebk, "C:\Users\SJ Tan\AppData\Roaming\Xoxeido\qiqua.exe", , [8017e94df48868cea1373b8e61a0f20e]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Qyyxydmy, "C:\Users\SJ Tan\AppData\Roaming\Woamiwim\vyictu.exe", , [a7f0f640c9b3280e351174e4659bb14f]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Qyyxydmy, "C:\Users\SJ Tan\AppData\Roaming\Woamiwim\vyictu.exe", , [a7f0f640c9b3280e351174e4659bb14f]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yvaha, "C:\Users\SJ Tan\AppData\Roaming\Mumuuvni\quxiyc.exe", , [0c8be6506a122f07b88e1d3b7d83fa06]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yvaha, "C:\Users\SJ Tan\AppData\Roaming\Mumuuvni\quxiyc.exe", , [0c8be6506a122f07b88e1d3b7d83fa06]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Iselmuikaquq, "C:\Users\SJ Tan\AppData\Roaming\Vowuigu\qyagib.exe", , [d4c3270f1c602b0b9ea8a0b842beff01]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Iselmuikaquq, "C:\Users\SJ Tan\AppData\Roaming\Vowuigu\qyagib.exe", , [d4c3270f1c602b0b9ea8a0b842beff01]
    Trojan.Agent.ED, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Coeleqcea, "C:\Users\SJ Tan\AppData\Roaming\Uvheqyy\zeyki.exe", , [01960a2c136983b3797c28319d63fa06]
    Trojan.Agent.ED, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Coeleqcea, "C:\Users\SJ Tan\AppData\Roaming\Uvheqyy\zeyki.exe", , [01960a2c136983b3797c28319d63fa06]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ikceuwinrykailu, "C:\Users\SJ Tan\AppData\Roaming\Yzybylba\alaby.exe", , [7522280e4735b77f7dc9da7e60a0ee12]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ikceuwinrykailu, "C:\Users\SJ Tan\AppData\Roaming\Yzybylba\alaby.exe", , [7522280e4735b77f7dc9da7e60a0ee12]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Irduxiabx, "C:\Users\SJ Tan\AppData\Roaming\Uxolohf\zeluo.exe", , [2d6a87afd5a7dc5ac08611474bb560a0]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Irduxiabx, "C:\Users\SJ Tan\AppData\Roaming\Uxolohf\zeluo.exe", , [2d6a87afd5a7dc5ac08611474bb560a0]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Icfyguutazzu, "C:\Users\SJ Tan\AppData\Roaming\Ynrobom\ywabom.exe", , [7324ce68aeceef478db991c748b850b0]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Icfyguutazzu, "C:\Users\SJ Tan\AppData\Roaming\Ynrobom\ywabom.exe", , [7324ce68aeceef478db991c748b850b0]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Vausbyluvoriy, "C:\Users\SJ Tan\AppData\Roaming\Zehaeqr\puidu.exe", , [0097a195bfbd1c1a5aec96c2ea16bc44]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Vausbyluvoriy, "C:\Users\SJ Tan\AppData\Roaming\Zehaeqr\puidu.exe", , [0097a195bfbd1c1a5aec96c2ea16bc44]
    Trojan.Agent.ED, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Hebyrytyyzurakm, "C:\Users\SJ Tan\AppData\Roaming\Uteqxoo\ryaqu.exe", , [e0b78da98defcc6aa609508b0ef30ef2]
    Trojan.Agent.ED, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Hebyrytyyzurakm, "C:\Users\SJ Tan\AppData\Roaming\Uteqxoo\ryaqu.exe", , [e0b78da98defcc6aa609508b0ef30ef2]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Xuoxovamb, "C:\Users\SJ Tan\AppData\Roaming\Ilboaho\ifvoax.exe", , [247389ad37451f17716701c86899a55b]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Xuoxovamb, "C:\Users\SJ Tan\AppData\Roaming\Ilboaho\ifvoax.exe", , [247389ad37451f17716701c86899a55b]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ugyqqayqneohseu, "C:\Users\SJ Tan\AppData\Roaming\Afpaelb\ebalder.exe", , [2572a3934834e45203d511b8f40da15f]
    Spyware.Zbot.MSXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ugyqqayqneohseu, "C:\Users\SJ Tan\AppData\Roaming\Afpaelb\ebalder.exe", , [2572a3934834e45203d511b8f40da15f]
    Trojan.Agent.EDPT, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Awitesmurize, "C:\Users\SJ Tan\AppData\Roaming\Fuicolc\muxix.exe", , [2c6b270f1c6016207765844543be5ba5]
    Trojan.Agent.EDPT, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Awitesmurize, "C:\Users\SJ Tan\AppData\Roaming\Fuicolc\muxix.exe", , [2c6b270f1c6016207765844543be5ba5]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ushomat, "C:\Users\SJ Tan\AppData\Roaming\Lytyos\uxteuti.exe", , [d0c7fa3cb7c5d4624575239c6e936b95]
    Spyware.Zbot.VXGen, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ushomat, "C:\Users\SJ Tan\AppData\Roaming\Lytyos\uxteuti.exe", , [d0c7fa3cb7c5d4624575239c6e936b95]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Iboldute, "C:\Users\SJ Tan\AppData\Roaming\Ifyxobz\qeymizi.exe", , [9700f83ecfadbb7bf5511642788813ed]
    Trojan.FakeMS, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Iboldute, "C:\Users\SJ Tan\AppData\Roaming\Ifyxobz\qeymizi.exe", , [9700f83ecfadbb7bf5511642788813ed]
    Trojan.Inject, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ibluytcu, "C:\Users\SJ Tan\AppData\Roaming\Osfeaha\lyatl.exe", , [7027ac8ab9c381b578d8dee8cc35857b]
    Trojan.Agent.EV, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\IEUpdate\TSTheme.exe", , [702789ad780473c3d86347eb927144bc]
    Trojan.Agent, HKU\S-1-5-21-1579189689-3461082011-692137642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\IEUpdate\TSTheme.exe", , [673039fddd9f60d6e89eae7cf2119c64]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 2
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
     
    Files: 510
    Trojan.Agent.EDPT, C:\Users\SJ Tan\AppData\Roaming\Akdiwyzu\maarofo.exe, , [b5e2c571fb81f1456b71ad1cb34e01ff], 
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Rionroeg\uxteic.exe, , [4a4db08683f9a69066545a6522df2cd4], 
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Ebnuqyby\govyte.exe, , [9007d462f5871d192e8b0ab5d829649c], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Timiucny\hyelqy.exe, , [d4c36bcb6616e452aa2ec70211f0966a], 
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Coytiti\orqeafl.exe, , [257245f1770558de4f6affc03bc6e21e], 
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Puivboi\hyufunc.exe, , [16813204d5a70333e5d7417e48b9ed13], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Xibiob\agannak.exe, , [eaad082edd9f53e311c78643e8195ca4], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Vyviezt\ifadawg.exe, , [9106c4722b51cb6b865299307889c739], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Beizuvux\azkuaqu.exe, , [c7d0fb3b90ec072ff6e2b415639e04fc], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Saasroon\reatu.exe, , [692e360035472a0c37a18445e21f22de], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Xoxeido\qiqua.exe, , [8017e94df48868cea1373b8e61a0f20e], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Woamiwim\vyictu.exe, , [a7f0f640c9b3280e351174e4659bb14f], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Mumuuvni\quxiyc.exe, , [0c8be6506a122f07b88e1d3b7d83fa06], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Vowuigu\qyagib.exe, , [d4c3270f1c602b0b9ea8a0b842beff01], 
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Uvheqyy\zeyki.exe, , [01960a2c136983b3797c28319d63fa06], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Yzybylba\alaby.exe, , [7522280e4735b77f7dc9da7e60a0ee12], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Uxolohf\zeluo.exe, , [2d6a87afd5a7dc5ac08611474bb560a0], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Ynrobom\ywabom.exe, , [7324ce68aeceef478db991c748b850b0], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Zehaeqr\puidu.exe, , [0097a195bfbd1c1a5aec96c2ea16bc44], 
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Uteqxoo\ryaqu.exe, , [e0b78da98defcc6aa609508b0ef30ef2], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Ilboaho\ifvoax.exe, , [247389ad37451f17716701c86899a55b], 
    Spyware.Zbot.MSXGen, C:\Users\SJ Tan\AppData\Roaming\Afpaelb\ebalder.exe, , [2572a3934834e45203d511b8f40da15f], 
    Trojan.Agent.EDPT, C:\Users\SJ Tan\AppData\Roaming\Fuicolc\muxix.exe, , [2c6b270f1c6016207765844543be5ba5], 
    Spyware.Zbot.VXGen, C:\Users\SJ Tan\AppData\Roaming\Lytyos\uxteuti.exe, , [d0c7fa3cb7c5d4624575239c6e936b95], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Ifyxobz\qeymizi.exe, , [9700f83ecfadbb7bf5511642788813ed], 
    Trojan.Inject, C:\Users\SJ Tan\AppData\Roaming\Osfeaha\lyatl.exe, , [7027ac8ab9c381b578d8dee8cc35857b], 
    PUP.Optional.Funshion, C:\Program Files (x86)\QvodPlayer\AddIn\{14D59188-D041-0D39-9176-B5D0DD6DF6C0}\QvodAddr.dll, , [722589ad4537340296bc8a3a01014bb5], 
    PUP.Optional.Funshion, C:\Program Files (x86)\QvodPlayer\AddIn\{14D59188-D041-0D39-9176-B5D0DD6DF6C0}\ASBarBroker.exe, , [5245ee480775b18541103b8940c2f808], 
    Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{5759480D-3D11-475A-AE92-3DE806F9D84A}\msiexec.exe, , [7b1c95a13d3fec4ad0c4be737c85ee12], 
    Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{622B7AAE-DF59-4576-AC05-57AE7F583EB2}\msiexec.exe, , [dabd033329531e184f451120ff027888], 
    Trojan.MSIL.BVXGen, C:\ProgramData\Windows Genuine Advantage\{71078FD6-3B50-4BE3-B71B-5E7B9B98F6EC}\msiexec.exe, , [574066d08eee94a240e8c11807faa858], 
    Trojan.MSIL.BVXGen, C:\ProgramData\Windows Genuine Advantage\{99439816-E4B8-449C-A416-58113AF52CBF}\msiexec.exe, , [6b2c181eabd126101c0c9b3e7a871fe1], 
    Trojan.Dropper, C:\ProgramData\Windows Genuine Advantage\{A872C173-E8CF-470B-BE01-5D2B16827980}\msiexec.exe, , [0f88ed49552782b40c35e5e2e41d49b7], 
    Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{E7FF8375-4F16-4CC3-84EC-3FDE4C963978}\msiexec.exe, , [f89f9c9aafcd87af2173cb669d643cc4], 
    Trojan.Reveton, C:\ProgramData\Windows Genuine Advantage\{F801BEDA-C339-47E8-8079-E28DD70A6537}\api-ms-win-system-d3d10core-l1-1-0.dll, , [692e989e86f6ee480625289f32cf7888], 
    PUP.Optional.CrossRider.A, C:\Users\SJ Tan\AppData\Roaming\AZDV.exe, , [2f688fa7dd9f77bfa1cc2d28956bef11], 
    PUP.Optional.CrossRider.A, C:\Users\SJ Tan\AppData\Roaming\LPBHJGLV.exe, , [e8afd561285465d184e89fb615ebec14], 
    Trojan.Inject, C:\Users\SJ Tan\AppData\Roaming\Accokimy\irtya.exe, , [593ed6604339ae88f15f90360bf60df3], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Avihroru\hiuxm.exe, , [069189ad0b7161d5eb5b2a2e7c848c74], 
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Muebmeo\elykhu.exe, , [b8df2016116b3cfaf6d26aee7f8158a8], 
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Ogabnuo\humua.exe, , [9ef961d55b21f93deb0a76e39b658779], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Upwofuem\igexuto.exe, , [5a3d3ef8acd0ac8ad86ed8809e62659b], 
    Trojan.FakeMS, C:\Users\SJ Tan\AppData\Roaming\Hugeese\qizohei.exe, , [148340f60a7244f2fb4b2830e21ec23e], 
    Trojan.Agent.ED, C:\Users\SJ Tan\AppData\Roaming\Igyculw\biceilo.exe, , [fb9c4ee8067664d236797b60f20f11ef], 
    Trojan.Agent, C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AodbeARMHelper.exe, , [fc9b53e3ceaee056b5f6507b45bc1ee2], 
    Trojan.Agent, C:\Users\SJ Tan\AppData\Local\Temp\tm401B.tmp, , [2f681125d9a33303218a8b406e93a25e], 
    Trojan.Dropper.ED, C:\Users\SJ Tan\AppData\Local\YWKPack\tmp3011.exe, , [7423de58fe7ee551917accf646bb7789], 
    PUP.Optional.Booster.A, C:\Windows\System32\Tasks\SW-Booster-S-792098896, , [bdda40f6720af640c66e1c1e50b33cc4], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403050850-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331002054-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331002054-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331005151-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331005151-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331012237-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331012237-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331015327-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331015327-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331022411-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331022411-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331025502-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331025502-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331032546-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331032546-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331035642-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331035642-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331042724-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331045823-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331045823-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331052917-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331052917-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331060012-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331060012-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331063219-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331063219-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331070311-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331070311-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331073403-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331073403-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331080459-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331080459-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331083555-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331090655-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331090655-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331093751-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331093751-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331100847-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331100847-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331103947-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331103947-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331111047-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331111047-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331121226-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331121226-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331124328-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331124328-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331131420-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331131420-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331134514-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331141608-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331141608-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331144657-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331144657-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331151748-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331151748-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331154846-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331154846-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331161942-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331161942-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331165044-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331165044-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331172135-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331172135-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331175238-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331042724-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331083555-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331134514-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331175238-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401033955-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401092136-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401132829-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401183637-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402052450-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402124032-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402171926-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402212632-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403010231-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401000403-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401000403-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401010536-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401010536-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401013627-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401013627-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401020715-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401020715-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401023816-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401023816-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401030907-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401030907-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401033955-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331182340-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331182340-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331185435-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331185435-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331192530-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331192530-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331195629-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331195629-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331202731-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331202731-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331205828-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331205828-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331212923-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331212923-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331220020-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331220020-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331223122-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331223122-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331230214-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331230214-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331233315-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130331233315-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401041047-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401041047-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401051228-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401051228-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401054325-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401054325-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401061548-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401061548-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401064645-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401064645-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401071756-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401071756-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401081944-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401081944-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401085046-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401085046-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401092136-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401095230-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401095230-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401102326-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401102326-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401105418-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401105418-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401112502-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401112502-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401115554-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401115554-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401122648-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401122648-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401125738-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401125738-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401132829-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401143003-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401143003-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401150053-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401150053-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401153140-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401153140-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401160233-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401160233-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401163325-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401163325-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401170406-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401170406-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401173455-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401173455-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401180544-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401180544-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401183637-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401190737-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401190737-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401200923-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401200923-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401211100-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401211100-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401214156-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401214156-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401221243-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401221243-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401224344-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401224344-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401231431-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130401231431-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402001609-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402001609-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402004711-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402004711-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402011803-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402011803-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402021944-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402021944-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402032128-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402032128-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402042309-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402042309-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402045408-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402045408-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402052450-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402062814-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402062814-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402093413-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402093413-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402100522-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402100522-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402103617-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402103617-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402110722-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402110722-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402113825-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402113825-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402120931-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402120931-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402124032-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402131134-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402131134-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402134235-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402134235-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402141339-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402141339-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402144440-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402144440-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402151534-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402151534-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402154637-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402154637-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402161727-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402161727-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402164825-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402164825-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402171926-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402175035-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402175035-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402182133-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402182133-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402185224-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402185224-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402192313-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402192313-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402195403-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402195403-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402202454-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402202454-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402205544-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402205544-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402212632-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402215724-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402215724-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402222816-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402222816-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402225909-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402225909-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402232958-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130402232958-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403000051-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403000051-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403003142-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403003142-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403010231-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403013320-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403013320-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403020404-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403020404-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403023455-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403023455-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403030539-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403030539-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403033629-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403033629-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403040716-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403040716-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403043807-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403043807-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403050850-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403053937-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403053937-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403061149-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403061149-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403064237-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403064237-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403071315-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403071315-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403074359-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403074359-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403081438-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403081438-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403084525-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403084525-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403091605-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403091605-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403094653-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403101733-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403101733-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403104819-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403104819-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403111859-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403111859-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403114944-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403114944-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403122024-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403122024-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403125112-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403125112-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403132154-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403132154-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403135241-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403142321-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403142321-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403145409-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403145409-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403152452-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403152452-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403155539-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403155539-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403162621-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403162621-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403165708-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403165708-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403172750-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403172750-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403175838-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403175838-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403182920-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403190007-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403190007-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403193046-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403193046-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403200134-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403200134-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403203216-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403203216-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403210311-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403210311-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403213403-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403213403-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403220454-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403220454-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403223544-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403230634-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403230634-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403233723-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403233723-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404000815-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404000815-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404003903-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404003903-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404010953-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404010953-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404014044-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404014044-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404021132-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404024222-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404024222-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404031311-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404031311-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404034402-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404034402-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404041449-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404041449-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404044540-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404044540-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404051630-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404051630-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404054721-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404054721-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404061929-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403094653-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403135241-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403182920-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130403223544-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404021132-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404061929-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404115800-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404163501-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405032025-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404065017-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404065017-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404072100-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404072100-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404082231-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404082231-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404085318-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404085318-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404092407-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404092407-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404095453-f.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404102540-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404102540-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404112712-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404112712-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404115800-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404122846-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404122846-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404125936-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404125936-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404133021-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404133021-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404140112-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404140112-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404143200-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404143200-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404150249-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404150249-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404153336-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404153336-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404160416-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404160416-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\temp.zip, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405001554-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405001554-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405004642-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405004642-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405011722-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405011722-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405014815-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405014815-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405021854-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405021854-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405024943-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405024943-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405032025-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404163501-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404170540-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404170540-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404173627-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404173627-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404180705-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404180705-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404183752-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404183752-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404190832-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404190832-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404193920-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404193920-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404201000-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404201000-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404204049-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404204049-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404211128-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404211128-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404214217-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404214217-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404221257-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404221257-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404224346-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404224346-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404231427-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404231427-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404234514-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130404234514-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405035112-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405035112-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405042153-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405042153-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405045242-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405045242-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405052323-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405052323-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405055412-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405055412-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405062613-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405062613-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405065700-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405065700-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405072745-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405072745-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405075832-l.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.ZGameTB.A, C:\Users\SJ Tan\AppData\Local\zgametb\data\130405075832-m.list, , [8f085dd9c3b9d363c0ed1ff0659ec739], 
    PUP.Optional.SearchAll.A, C:\Users\SJ Tan\AppData\Roaming\Mozilla\Firefox\Profiles\hn5b142s.default-1411049628146\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://websearch.searc-hall.info/?pid=1889&r=2014/11/01&hid=12885226047306184691&lg=EN&cc=AU&unqvl=65");), ,[e4b34fe7691345f1a3d712574abbff01]
    PUP.Optional.SearchAll.A, C:\Users\SJ Tan\AppData\Roaming\Mozilla\Firefox\Profiles\hn5b142s.default-1411049628146\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.searc-hall.info/?pid=1889&r=2014/11/01&hid=12885226047306184691&lg=EN&cc=AU&unqvl=65&l=1&q=");), ,[83142f0791eb1e1818646efb8085e020]
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #11 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:02:19 AM

    Posted 01 November 2014 - 08:15 AM

    I dont see those bad entries removed with Malwarebytes, run a new Threat scan and make sure there gone, Let me know. If Malwarebytes comes back clean then run a new scan with FRST, be sure to checkmark Additions and post both logs


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #12 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 09:03 AM

    yea it's clean again with Malwarebytes.

    here is the scan result with FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
    Ran by SJ Tan (administrator) on SJTAN-PC on 02-11-2014 01:00:10
    Running from C:\Users\SJ Tan\Downloads
    Loaded Profile: SJ Tan (Available profiles: SJ Tan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Dropbox, Inc.) C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\winver.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

    And the addtion.txt as well:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
    Ran by SJ Tan at 2014-11-02 01:00:58
    Running from C:\Users\SJ Tan\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    ACDSee Photo Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.342 - ACD Systems International Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
    FastAccess (HKLM\...\{372D0C6A-070B-49AA-AB73-ABDDFA5C2F5D}) (Version: 2.4.90.1 - Sensible Vision)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
    Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
    R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1074 - RStudio)
    S-PLUS 8.0 (HKLM-x32\...\{B8616FE6-C69E-4FBA-8349-893F5B073C89}) (Version:  - )
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
    WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8688 - WinZip Computing, S.L. )
    快播 5.20.234 (HKLM-x32\...\QvodPlayer) (Version: 5.20.234 - Shenzhen Qvod Technology Co.,Ltd)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1579189689-3461082011-692137642-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
    28-10-2014 06:26:50 Windows Update
    28-10-2014 06:47:26 Windows Update
    31-10-2014 11:42:41 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 13:34 - 2014-11-01 22:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {02CC7770-E106-4961-B3B5-942F67BB949A} - System32\Tasks\Security Center Update - 3195822393 => C:\Users\SJ Tan\AppData\Roaming\Woamiwim\vyictu.exe <==== ATTENTION
    Task: {02FC4FB1-DAAB-4509-9467-68FBA84E327B} - System32\Tasks\Security Center Update - 2491208742 => C:\Users\SJ Tan\AppData\Roaming\Begeis\axokib.exe <==== ATTENTION
    Task: {03B5767B-DCFF-4F87-B3F0-517FCF0F657A} - System32\Tasks\Security Center Update - 3158260376 => C:\Users\SJ Tan\AppData\Roaming\Lytyos\uxteuti.exe <==== ATTENTION
    Task: {0549D859-4572-469D-8941-3CA6D002EC53} - System32\Tasks\Security Center Update - 3809162415 => C:\Users\SJ Tan\AppData\Roaming\Isondit\meperit.exe <==== ATTENTION
    Task: {05E41B96-2387-492F-9FD9-F6530E37DD76} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {06EB1923-7C65-42C1-833E-F56B6CBE57C7} - System32\Tasks\Security Center Update - 1116163782 => C:\Users\SJ Tan\AppData\Roaming\Saasroon\reatu.exe <==== ATTENTION
    Task: {0A2511F4-EA01-49A3-A3B8-B564C9E30A75} - System32\Tasks\Security Center Update - 772234879 => C:\Users\SJ Tan\AppData\Roaming\Ebnuqyby\govyte.exe <==== ATTENTION
    Task: {0C9CC5CA-7173-4620-A629-7FFC5FA9E458} - System32\Tasks\Security Center Update - 4079046134 => C:\Users\SJ Tan\AppData\Roaming\Eqfuwy\lygeku.exe <==== ATTENTION
    Task: {0CA50110-3D7A-411A-9077-915314214D88} - System32\Tasks\Security Center Update - 2820479685 => C:\Users\SJ Tan\AppData\Roaming\Hugeese\qizohei.exe <==== ATTENTION
    Task: {148D4932-8F33-4494-B2D1-126DDE7679C2} - System32\Tasks\Security Center Update - 47048736 => C:\Users\SJ Tan\AppData\Roaming\Rionroeg\uxteic.exe <==== ATTENTION
    Task: {19A0EE32-0F5B-4FE3-8DA1-D5016E0763F1} - System32\Tasks\4740 => Wscript.exe C:\Users\SJTAN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {1D4158D9-24F0-42FD-A33F-8CE398EBC38D} - System32\Tasks\Security Center Update - 3647123901 => C:\Users\SJ Tan\AppData\Roaming\Muebmeo\elykhu.exe <==== ATTENTION
    Task: {261EB1A3-7AC6-4E33-9ACA-50E4AD0BA07E} - System32\Tasks\Security Center Update - 2234802374 => C:\Users\SJ Tan\AppData\Roaming\Puivboi\hyufunc.exe <==== ATTENTION
    Task: {2982E052-9125-4A54-8DC8-13D77BB84104} - System32\Tasks\Security Center Update - 3792790081 => C:\Users\SJ Tan\AppData\Roaming\Reanwi\yqefl.exe <==== ATTENTION
    Task: {35982A1D-0F17-42C9-962C-229F3AADE2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-25] (Adobe Systems Incorporated)
    Task: {36E32497-F15C-4998-B2C5-55C09A2AB588} - System32\Tasks\Security Center Update - 2796861680 => C:\Users\SJ Tan\AppData\Roaming\Fuicolc\muxix.exe <==== ATTENTION
    Task: {3F68216F-7C1D-4C7D-B5F2-16D6892C8DC6} - System32\Tasks\Security Center Update - 4026266676 => C:\Users\SJ Tan\AppData\Roaming\Exahce\eldehy.exe <==== ATTENTION
    Task: {43C69F27-D324-4922-9A30-99EF12F53C8F} - System32\Tasks\Security Center Update - 3323389597 => C:\Users\SJ Tan\AppData\Roaming\Vyviezt\ifadawg.exe <==== ATTENTION
    Task: {50DEE5BF-D178-48CB-BA9D-E8A64ACB0678} - System32\Tasks\Security Center Update - 4139511517 => C:\Users\SJ Tan\AppData\Roaming\Beizuvux\azkuaqu.exe <==== ATTENTION
    Task: {51F852CB-1729-476A-B888-AF587F2C8F0A} - System32\Tasks\Security Center Update - 1454749242 => C:\Users\SJ Tan\AppData\Roaming\Ogabnuo\humua.exe <==== ATTENTION
    Task: {54911E78-D0CC-4839-BFB7-5633B33A0D8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
    Task: {54C4AFF4-661A-4EE3-B840-11E7D2847F7C} - System32\Tasks\Security Center Update - 6150237 => C:\Users\SJ Tan\AppData\Roaming\Akdiwyzu\maarofo.exe <==== ATTENTION
    Task: {58C97C96-296F-476F-A721-35AE7E446FE6} - System32\Tasks\Security Center Update - 2353739521 => C:\Users\SJ Tan\AppData\Roaming\Coytiti\orqeafl.exe <==== ATTENTION
    Task: {5DEADECE-608F-426B-AB5F-480DA621A99C} - System32\Tasks\Security Center Update - 813857555 => C:\Users\SJ Tan\AppData\Roaming\Ifyxobz\qeymizi.exe <==== ATTENTION
    Task: {5E7DAD4C-38D4-4D84-8439-291A49FA9DAB} - System32\Tasks\Security Center Update - 2954155310 => C:\Users\SJ Tan\AppData\Roaming\Xoxeido\qiqua.exe <==== ATTENTION
    Task: {6F412970-9708-4658-9E84-5DDBD3B16CB9} - System32\Tasks\Security Center Update - 3751270481 => C:\Users\SJ Tan\AppData\Roaming\Iphepu\eqalko.exe <==== ATTENTION
    Task: {714B3F2B-D473-4AC2-B244-72E546C0360D} - System32\Tasks\Security Center Update - 1895530081 => C:\Users\SJ Tan\AppData\Roaming\Xibiob\agannak.exe <==== ATTENTION
    Task: {735D5963-C0CD-43AF-B9E4-7704807E2EA2} - System32\Tasks\Security Center Update - 1118505552 => C:\Users\SJ Tan\AppData\Roaming\Idwayrr\utema.exe <==== ATTENTION
    Task: {75FF0846-40A4-42B3-BDC9-3E1ED96F3707} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SJTan-PC-SJ Tan SJTan-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-04] (Microsoft Corporation)
    Task: {78756226-3B6E-4605-A59D-F3438DA2EED5} - System32\Tasks\360safe\Safebox Startup => C:\Program Files (x86)\360\360SafeBox\Launcher.exe
    Task: {7CEE762E-D340-42D5-BF3B-A94A9525AFDA} - System32\Tasks\Security Center Update - 127326787 => C:\Users\SJ Tan\AppData\Roaming\Uvonti\urirot.exe <==== ATTENTION
    Task: {89EB57E8-500E-4D11-89AD-EADD5C027231} - System32\Tasks\Security Center Update - 3847674173 => C:\Users\SJ Tan\AppData\Roaming\Upwofuem\igexuto.exe <==== ATTENTION
    Task: {8BFA5B2B-440F-40C8-B46B-E7DA953C9134} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-22] (Piriform Ltd)
    Task: {922FD99F-EF5B-45D9-BE1D-F664E5D0141D} - System32\Tasks\{2EAAE674-329A-46CB-9787-CA569A75DEBE} => Chrome.exe 
    Task: {96648A30-6881-4190-B8CE-7AC12B64EC55} - System32\Tasks\Security Center Update - 1744159257 => C:\Users\SJ Tan\AppData\Roaming\Igyculw\biceilo.exe <==== ATTENTION
    Task: {A3944794-BDDF-4BC8-9047-80AE00E1BEAE} - System32\Tasks\Security Center Update - 287420291 => C:\Users\SJ Tan\AppData\Roaming\Avihroru\hiuxm.exe <==== ATTENTION
    Task: {A9DFDCC3-C1E2-43C3-BE92-5B25AF16EC6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
    Task: {AB535181-D521-46AB-A451-69D9B3C1D7F5} - System32\Tasks\Security Center Update - 3053655436 => C:\Users\SJ Tan\AppData\Roaming\Uxolohf\zeluo.exe <==== ATTENTION
    Task: {B4159E8A-C049-409D-8418-A9388AEECDFA} - System32\Tasks\Security Center Update - 970097425 => C:\Users\SJ Tan\AppData\Roaming\Mumuuvni\quxiyc.exe <==== ATTENTION
    Task: {BB2E9185-486C-49F6-8E68-2E3FC4F9C3F1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {BC10B235-AE23-4EE2-8D2B-AAFDF668A0FA} - System32\Tasks\Security Center Update - 606677113 => C:\Users\SJ Tan\AppData\Roaming\Onubbi\lyarqy.exe <==== ATTENTION
    Task: {BE45F6B6-3852-485B-878D-3A096E650508} - \SidebarExecute No Task File <==== ATTENTION
    Task: {BF5E3CE2-A8DF-4E32-B004-B2D2B1F0D91A} - System32\Tasks\Security Center Update - 4024366643 => C:\Users\SJ Tan\AppData\Roaming\Otosso\luuze.exe <==== ATTENTION
    Task: {C142A61C-5598-49B4-9782-C896FD2B3DD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-04] (Microsoft Corporation)
    Task: {C16E0D12-E559-42E4-AD34-DD2EA6E47C84} - System32\Tasks\Security Center Update - 1915724328 => C:\Users\SJ Tan\AppData\Roaming\Vowuigu\qyagib.exe <==== ATTENTION
    Task: {C6BB83B8-F85F-473A-BE43-CC7CE8F5C416} - System32\Tasks\Security Center Update - 3046385004 => C:\Users\SJ Tan\AppData\Roaming\Afpaelb\ebalder.exe <==== ATTENTION
    Task: {D0091889-648E-4391-9A48-1C2E5EE5512E} - System32\Tasks\Security Center Update - 35795931 => C:\Users\SJ Tan\AppData\Roaming\Timiucny\hyelqy.exe <==== ATTENTION
    Task: {D13740F9-58E8-4F0A-A692-9CCFC94A46EE} - System32\Tasks\Security Center Update - 3231382482 => C:\Users\SJ Tan\AppData\Roaming\Zehaeqr\puidu.exe <==== ATTENTION
    Task: {E914DCE3-F67D-4E39-A076-15C8E1CCEDFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-04] (Microsoft Corporation)
    Task: {EA25717B-EE0F-436C-B5A4-4D8C63122467} - System32\Tasks\Security Center Update - 2855278231 => C:\Users\SJ Tan\AppData\Roaming\Ynrobom\ywabom.exe <==== ATTENTION
    Task: {F00AD5A3-27F1-40A8-9F47-F2D83024075D} - System32\Tasks\{260C40DA-23E3-0908-CD48-4F5A06181D1A} => C:\Users\SJ Tan\AppData\Roaming\oPWooDqG\zYPZYwfP\oqmCEzup\GQwiZTGgK.exe
    Task: {F11BEBEF-8457-4FDC-8698-89324AC47F2E} - System32\Tasks\Security Center Update - 761366423 => C:\Users\SJ Tan\AppData\Roaming\Ilboaho\ifvoax.exe <==== ATTENTION
    Task: {F127C6CF-DE78-4A79-8B12-E98906B5FD98} - System32\Tasks\Security Center Update - 909652720 => C:\Users\SJ Tan\AppData\Roaming\Acmedu\egedl.exe <==== ATTENTION
    Task: {F4470178-25C1-432A-9E32-BDC65BC1C8EE} - System32\Tasks\Security Center Update - 1907485186 => C:\Users\SJ Tan\AppData\Roaming\Yzybylba\alaby.exe <==== ATTENTION
    Task: {F45F17B9-64B8-41D0-ABDD-C3DF6E0D4A4E} - System32\Tasks\Security Center Update - 1650907934 => C:\Users\SJ Tan\AppData\Roaming\Uteqxoo\ryaqu.exe <==== ATTENTION
    Task: {F7C7C3E9-531E-4550-A58B-7F7BBBBECCAF} - \SW-Booster-S-792098896 No Task File <==== ATTENTION
    Task: {F970BE5D-BA71-4964-8F75-21B6293318E8} - System32\Tasks\Funshion\FSPlatform => C:\Users\SJ Tan\funshion\funshiontools\FSPAP.exe
    Task: {FB64A9B7-7C4E-4ECD-83D1-655C3DFD5E21} - System32\Tasks\Security Center Update - 2563426936 => C:\Users\SJ Tan\AppData\Roaming\Ywbunu\gaypr.exe <==== ATTENTION
    Task: {FF9A5C9A-0E58-48F8-9C9E-03B154D70E6C} - System32\Tasks\Security Center Update - 894069570 => C:\Users\SJ Tan\AppData\Roaming\Uvheqyy\zeyki.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AZDV.job => C:\Users\SJ Tan\AppData\Roaming\AZDV.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\LPBHJGLV.job => C:\Users\SJ Tan\AppData\Roaming\LPBHJGLV.exe <==== ATTENTION
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-05-04 12:10 - 2014-05-04 12:10 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-05-04 11:55 - 2013-10-31 19:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-05-04 11:55 - 2014-03-25 14:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2010-10-07 06:48 - 2011-08-19 02:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2009-12-30 06:19 - 2009-12-30 06:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2014-10-18 11:46 - 2014-10-18 11:46 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\e518b17c5e71c048e9a4c7314a9e37e8\VistaBridgeLibrary.ni.dll
    2010-02-21 23:53 - 2010-02-21 23:53 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL
    2014-10-30 22:23 - 2014-11-01 13:27 - 04026880 _____ () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
    2014-05-04 11:57 - 2014-05-04 12:11 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2014-09-15 21:01 - 2014-09-15 21:01 - 00821760 _____ () C:\Users\SJ Tan\AppData\Local\YWKPack\qgxquldhwuzxhko.dll
    2014-09-15 03:30 - 2014-09-15 03:30 - 00802816 _____ () C:\Users\SJ Tan\AppData\Local\Ubhzmedia\ep0lvr1g.dll
    2014-11-02 00:27 - 2014-11-02 00:27 - 00043008 _____ () c:\users\sjtan~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps8amp9.dll
    2013-08-24 06:01 - 2013-08-24 06:01 - 25100288 _____ () C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-11-01 12:49 - 2014-10-22 15:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-11-01 12:49 - 2014-10-22 15:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-11-01 12:49 - 2014-10-22 15:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-11-01 12:49 - 2014-10-22 15:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
    2014-11-01 12:49 - 2014-10-22 15:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
    2014-04-18 15:12 - 2014-04-18 15:12 - 00115328 _____ () C:\Program Files (x86)\QvodPlayer\QvodStatistic.dll
    2014-04-11 17:25 - 2014-04-11 17:25 - 00137648 _____ () C:\Program Files (x86)\QvodPlayer\NetUtil.dll
    2014-04-11 17:25 - 2014-04-11 17:25 - 00188032 _____ () C:\Program Files (x86)\QvodPlayer\webctrl.dll
    2014-04-11 17:25 - 2014-04-11 17:25 - 02453120 _____ () C:\Program Files (x86)\QvodPlayer\QMediaInfo.dll
    2014-04-25 18:19 - 2014-04-25 18:19 - 00414640 _____ () C:\Program Files (x86)\QvodPlayer\QmvPlus.dll
    2014-04-11 17:25 - 2014-04-11 17:25 - 00365184 _____ () C:\Program Files (x86)\QvodPlayer\dblite.dll
    2014-04-11 17:25 - 2014-04-11 17:25 - 00432048 _____ () C:\Program Files (x86)\QvodPlayer\Paubar.dll
    2014-04-11 17:25 - 2014-04-11 17:25 - 00659456 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\XVIDCORE.DLL
    2014-04-11 17:25 - 2014-04-11 17:25 - 00086016 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\XVIDDEC.AX
    2014-05-07 20:23 - 2014-05-07 20:23 - 00508110 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\FFMPEG\LIBAMRNB-3.DLL
    2014-05-07 20:23 - 2014-05-07 20:23 - 00429767 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\FFMPEG\LIBMP3LAME-0.DLL
    2014-05-07 20:23 - 2014-05-07 20:23 - 00129550 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\FFMPEG\AVUTIL-51.DLL
    2014-05-07 20:23 - 2014-05-07 20:23 - 00225294 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\FFMPEG\SWSCALE-2.DLL
    2014-05-07 20:23 - 2014-05-07 20:23 - 05943822 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\FFMPEG\AVCODEC-53.DLL
    2014-05-07 20:23 - 2014-05-07 20:23 - 01032206 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\FFMPEG\AVFORMAT-53.DLL
    2014-04-11 17:25 - 2014-04-11 17:25 - 00278144 _____ () C:\Program Files (x86)\QvodPlayer\Codecs\QVODSOUND.AX
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1579189689-3461082011-692137642-500 - Administrator - Disabled)
    Guest (S-1-5-21-1579189689-3461082011-692137642-501 - Limited - Disabled)
    SJ Tan (S-1-5-21-1579189689-3461082011-692137642-1000 - Administrator - Enabled) => C:\Users\SJ Tan
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: bd0004
    Description: bd0004
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer: 
    Service: bd0004
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (11/02/2014 00:28:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/01/2014 11:44:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    System errors:
    =============
    Error: (11/02/2014 00:26:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the GS_Sustainer service to connect.
     
    Error: (11/01/2014 11:43:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the GS_Sustainer service to connect.
     
    Error: (11/01/2014 11:42:30 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:40:56 PM on ‎11/‎1/‎2014 was unexpected.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (11/02/2014 00:28:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/01/2014 11:44:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-11-01 22:27:14.321
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-11-01 22:27:14.286
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
    Percentage of memory in use: 60%
    Total physical RAM: 3956.52 MB
    Available physical RAM: 1557.72 MB
    Total Pagefile: 7911.23 MB
    Available Pagefile: 3829.96 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:390.05 GB) NTFS
    Drive g: (DANNY4) (Removable) (Total:3.73 GB) (Free:3.38 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 04FC0C68)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.7 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=3.7 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #13 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:02:19 AM

    Posted 01 November 2014 - 09:18 AM

    Sorry my friend you did not post the complete FRST log, can you find it and post it again

     

    Also, did you install and use this program

    C:\Program Files (x86)\Sensible Vision


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #14 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 09:39 AM

    FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
    Ran by SJ Tan (administrator) on SJTAN-PC on 02-11-2014 01:13:06
    Running from C:\Users\SJ Tan\Downloads
    Loaded Profile: SJ Tan (Available profiles: SJ Tan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Dropbox, Inc.) C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\winver.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe
    (Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-08] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-14] (Realtek Semiconductor)
    HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-21] (Sensible Vision )
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [FAStartup] => [X]
    Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    HKU\S-1-5-21-1579189689-3461082011-692137642-1000\...\Run: [Odpnics] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\SJ Tan\AppData\Local\YWKPack\qgxquldhwuzxhko.dll"
    HKU\S-1-5-21-1579189689-3461082011-692137642-1000\...\Run: [Ubhzmedia] => regsvr32.exe "C:\Users\SJ Tan\AppData\Local\Ubhzmedia\ep0lvr1g.dll" <===== ATTENTION
    HKU\S-1-5-21-1579189689-3461082011-692137642-1000\...\Run: [7FDF5E70] => C:\Users\SJ Tan\AppData\Roaming\7FDF5E70\bin.exe [196608 2014-11-01] ()
    HKU\S-1-5-21-1579189689-3461082011-692137642-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli FAPassSync
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\SJ Tan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (Microsoft)
    ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(993).dll (深圳市迅雷网络技术有限公司)
    ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0F3FA79D-4AD0-42DF-A769-29807A6B9FC8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{5424A76F-1FC1-4C6B-9927-C5A36CAF03C3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{56B33E42-BD1D-4006-B45C-5CF325325F3E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{85205917-73CE-480A-8D12-4CBC6C0BC79C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\SJ Tan\AppData\Roaming\Mozilla\Firefox\Profiles\hn5b142s.default-1411049628146
    FF SearchEngineOrder.1: WebSearch
    FF DefaultSearchEngine: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.searc-hall.info/?pid=1889&r=2014/11/01&hid=12885226047306184691&lg=EN&cc=AU&unqvl=65&l=1&q=
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\3.9.3.12\npbdyy.dll No File
    FF Plugin-x32: @baidu.com/npxbdsetup -> C:\Windows\Downloaded Program Files\119237741\npxbdsetup.dll No File
    FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\SJ Tan\funshion\funshiontools\npFunshion.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll No File
    FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF Plugin-x32: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll (Thunder Networking Technologies,LTD)
    FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF Plugin HKCU: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll (Thunder Networking Technologies,LTD)
    FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File
    FF Plugin HKCU: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
    FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\SJ Tan\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Extension: BitAccelerator - C:\Program Files (x86)\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f} [2013-02-04]
    FF Extension: AnviAdblock - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\AnviAdblock@anvisoft.com.xpi [2014-09-17]
    FF Extension: No Name - C:\Users\SJ Tan\AppData\Roaming\Mozilla\Firefox\Profiles\hn5b142s.default-1411049628146\extensions\{A4732521-77D9-447E-A557-B279AC923F06} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
     
    Chrome: 
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> FD0E36875F34A4DF0223296F1EC6626A36CB4D7746C2A781C378B1EA6813D25B
    CHR DefaultSearchURL: Default -> 52E0E3677AFC96F39A3299DCEE08ACB31987938867BFFAEF8017D8034F5A282E
    CHR Profile: C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
    CHR Extension: (YouTube) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-01]
    CHR Extension: (Google Search) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-01]
    CHR Extension: (AdBlock) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-01]
    CHR Extension: (Google Wallet) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-01]
    CHR Extension: (Gmail) - C:\Users\SJ Tan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-01]
    CHR HKLM-x32\...\Chrome\Extension: [dpphgmdbhahgadoggfojpaljepicgfpd] - C:\Users\SJ Tan\AppData\Roaming\DBankPlugin\DBankPluginChrome.crx [2013-02-05]
    CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-02-05]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-12] (Stardock Corporation) [File not signed]
    R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4026880 2014-11-01] () [File not signed]
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-03-01] (Microsoft Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S2 4d349a54; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-10-13] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
    S1 bd0004; system32\DRIVERS\bd0004.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-02 01:00 - 2014-11-02 01:13 - 00019209 _____ () C:\Users\SJ Tan\Downloads\FRST.txt
    2014-11-02 01:00 - 2014-11-02 01:01 - 00029725 _____ () C:\Users\SJ Tan\Downloads\Addition.txt
    2014-11-02 01:00 - 2014-11-02 01:00 - 00000000 ____D () C:\Users\SJ Tan\Downloads\FRST-OlderVersion
    2014-11-02 00:29 - 2014-11-02 00:29 - 00000000 ___HD () C:\Users\Public\Device
    2014-11-01 23:41 - 2014-11-01 23:41 - 00002858 _____ () C:\Users\SJ Tan\Desktop\JRT.txt
    2014-11-01 23:30 - 2014-11-02 00:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-01 23:29 - 2014-11-01 23:29 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-01 23:29 - 2014-11-01 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-01 23:29 - 2014-11-01 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-01 23:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-01 23:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-01 23:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-01 23:28 - 2014-11-01 23:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\SJ Tan\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-01 23:26 - 2014-11-01 23:26 - 01706359 _____ (Thisisu) C:\Users\SJ Tan\Downloads\JRT.exe
    2014-11-01 23:11 - 2014-11-01 23:11 - 00193463 _____ () C:\Users\SJ Tan\Desktop\ComboFix.txt
    2014-11-01 23:02 - 2014-11-01 23:02 - 00193463 _____ () C:\ComboFix.txt
    2014-11-01 22:29 - 2014-11-01 22:57 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Otosso
    2014-11-01 22:29 - 2014-11-01 22:57 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Iphepu
    2014-11-01 21:59 - 2011-06-26 17:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-11-01 21:59 - 2010-11-08 04:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-11-01 21:59 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-11-01 21:59 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-11-01 21:59 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-11-01 21:59 - 2000-08-31 11:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-11-01 21:59 - 2000-08-31 11:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-11-01 21:59 - 2000-08-31 11:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-11-01 21:58 - 2014-11-01 23:02 - 00000000 ____D () C:\Qoobox
    2014-11-01 21:55 - 2014-11-01 23:00 - 00000000 ____D () C:\Windows\erdnt
    2014-11-01 21:50 - 2014-11-01 21:51 - 05591672 ____R (Swearware) C:\Users\SJ Tan\Desktop\ComboFix.exe
    2014-11-01 19:37 - 2014-11-01 23:29 - 00000000 ____D () C:\Users\SJ Tan\Downloads\[ UsaBit.com ] - The Inkeepers 2011 BRRip XviD AC3-SANTi
    2014-11-01 19:36 - 2014-11-01 19:36 - 00029839 _____ () C:\Users\SJ Tan\Downloads\[kickass.to]the.inkeepers.2011.brrip.xvid.ac3.santi.torrent
    2014-11-01 16:15 - 2014-11-02 00:27 - 00000000 ___RD () C:\Users\SJ Tan\Dropbox
    2014-11-01 16:14 - 2014-11-01 16:14 - 00000976 _____ () C:\Users\SJ Tan\Desktop\Dropbox.lnk
    2014-11-01 16:13 - 2014-11-01 16:13 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-11-01 16:10 - 2014-11-01 16:10 - 00323672 _____ (Dropbox, Inc.) C:\Users\SJ Tan\Downloads\DropboxInstaller.exe
    2014-11-01 15:57 - 2014-11-02 01:00 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SJTan-PC-SJ Tan SJTan-PC
    2014-11-01 15:53 - 2014-11-01 15:43 - 07137440 _____ (Microsoft Corporation) C:\Users\SJ Tan\Downloads\OneDriveSetup.exe
    2014-11-01 15:40 - 2014-11-01 15:40 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2014-11-01 13:26 - 2014-11-01 19:02 - 00000000 ____D () C:\Users\SJ Tan\Downloads\Erased (2012)
    2014-11-01 12:49 - 2014-11-01 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-11-01 00:50 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Hugeese
    2014-11-01 00:50 - 2014-11-01 00:50 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 2820479685
    2014-11-01 00:50 - 2014-11-01 00:50 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 127326787
    2014-10-30 22:23 - 2014-11-01 13:27 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
    2014-10-30 22:22 - 2014-10-30 22:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
    2014-10-30 00:38 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Uteqxoo
    2014-10-30 00:38 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Igyculw
    2014-10-30 00:38 - 2014-10-30 00:38 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 1744159257
    2014-10-30 00:38 - 2014-10-30 00:38 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1650907934
    2014-10-30 00:38 - 2014-10-30 00:38 - 00003812 _____ () C:\Windows\System32\Tasks\Security Center Update - 4024366643
    2014-10-29 22:07 - 2014-10-29 22:07 - 01998336 _____ () C:\Users\SJ Tan\Desktop\adwcleaner_4.002.exe
    2014-10-29 21:09 - 2014-10-29 21:09 - 00000000 ____D () C:\ProgramData\maiphddmgihkdlakldliaahinglebang
    2014-10-28 20:11 - 2014-10-28 20:13 - 00361028 ____N () C:\Windows\Minidump\102814-27658-01.dmp
    2014-10-28 00:30 - 2014-10-28 00:30 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 3231382482
    2014-10-28 00:30 - 2014-10-28 00:30 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 2491208742
    2014-10-28 00:29 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Zehaeqr
    2014-10-28 00:29 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Ifyxobz
    2014-10-28 00:29 - 2014-10-28 00:29 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 813857555
    2014-10-26 14:42 - 2014-11-02 01:13 - 00000000 ____D () C:\FRST
    2014-10-26 14:40 - 2014-11-02 01:00 - 02114048 _____ (Farbar) C:\Users\SJ Tan\Downloads\FRST64.exe
    2014-10-26 00:21 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Ynrobom
    2014-10-26 00:21 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Upwofuem
    2014-10-26 00:21 - 2014-10-26 00:21 - 00003824 _____ () C:\Windows\System32\Tasks\Security Center Update - 3847674173
    2014-10-26 00:21 - 2014-10-26 00:21 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 2855278231
    2014-10-26 00:21 - 2014-10-26 00:21 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 4079046134
    2014-10-25 11:03 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Avihroru
    2014-10-25 11:03 - 2014-10-25 11:03 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 287420291
    2014-10-25 11:03 - 2014-10-25 11:03 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 3053655436
    2014-10-25 11:03 - 2014-10-25 11:03 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 606677113
    2014-10-25 11:02 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Uxolohf
    2014-10-25 01:23 - 2014-11-01 13:27 - 00000000 ____D () C:\ProgramData\cb504ece194d96d2
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\SJ Tan\AppData\Local\Comodo
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\Guest
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-10-25 01:22 - 2014-10-25 01:22 - 00000000 ____D () C:\Users\Administrator
    2014-10-24 23:17 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Muebmeo
    2014-10-24 23:17 - 2014-11-01 22:57 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Isondit
    2014-10-24 23:17 - 2014-11-01 22:29 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Idwayrr
    2014-10-24 23:17 - 2014-10-24 23:17 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3809162415
    2014-10-24 23:17 - 2014-10-24 23:17 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 3647123901
    2014-10-24 23:17 - 2014-10-24 23:17 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1118505552
    2014-10-24 00:31 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Yzybylba
    2014-10-24 00:31 - 2014-10-24 00:31 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 1907485186
    2014-10-24 00:15 - 2014-11-02 00:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Ogabnuo
    2014-10-24 00:15 - 2014-10-24 00:15 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1454749242
    2014-10-24 00:15 - 2014-10-24 00:15 - 00003812 _____ () C:\Windows\System32\Tasks\Security Center Update - 3792790081
    2014-10-23 23:14 - 2014-10-30 21:09 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Mukug
    2014-10-23 23:14 - 2014-10-23 23:14 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\v
    2014-10-23 18:13 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Uvheqyy
    2014-10-23 18:13 - 2014-10-23 18:13 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 894069570
    2014-10-23 18:07 - 2014-11-01 20:00 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Hyofax
    2014-10-22 21:53 - 2014-11-01 14:08 - 00000000 ____D () C:\Users\SJ Tan\Downloads\FS(Fuying & Sam) - 温度
    2014-10-21 23:56 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Vowuigu
    2014-10-21 23:56 - 2014-10-21 23:56 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 1915724328
    2014-10-21 20:14 - 2014-10-21 20:14 - 01691689 ____N () C:\Windows\Minidump\102114-28454-01.dmp
    2014-10-21 18:43 - 2014-10-21 18:43 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\nHuaLEVp
    2014-10-19 23:43 - 2014-10-19 23:43 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 970097425
    2014-10-19 23:42 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Mumuuvni
    2014-10-19 22:47 - 2014-10-19 22:47 - 00000000 ____D () C:\Users\SJ Tan\Documents\R
    2014-10-19 22:45 - 2014-10-19 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
    2014-10-19 22:45 - 2014-10-19 22:45 - 00000000 ____D () C:\Program Files\RStudio
    2014-10-19 22:44 - 2014-10-19 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
    2014-10-19 22:44 - 2014-10-19 22:44 - 00000000 ____D () C:\Program Files\R
    2014-10-19 22:37 - 2014-10-19 22:43 - 56698707 _____ (R Core Team ) C:\Users\SJ Tan\Downloads\R-3.1.1-win.exe
    2014-10-19 22:36 - 2014-10-19 22:43 - 47165704 _____ () C:\Users\SJ Tan\Downloads\RStudio-0.98.1074.exe
    2014-10-19 22:11 - 2014-10-19 22:11 - 00003288 ____N () C:\bootsqm.dat
    2014-10-19 15:15 - 2014-10-19 15:16 - 00826155 ____N () C:\Windows\Minidump\101914-25630-01.dmp
    2014-10-17 23:35 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Woamiwim
    2014-10-17 23:35 - 2014-10-17 23:35 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 3195822393
    2014-10-16 18:50 - 2014-09-29 11:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-16 18:50 - 2014-06-19 09:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-16 18:50 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-16 18:50 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-16 18:50 - 2014-06-19 09:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-16 18:50 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-16 18:50 - 2014-06-19 09:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-16 18:49 - 2014-10-10 13:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-16 18:49 - 2014-10-10 13:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-16 18:49 - 2014-10-10 13:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-16 18:49 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-16 18:49 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-16 18:49 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-16 18:49 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-16 18:49 - 2014-07-09 13:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-16 18:49 - 2014-07-09 12:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-16 18:49 - 2014-07-09 12:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-16 18:49 - 2014-07-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-16 18:49 - 2014-07-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-16 18:49 - 2014-07-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-16 18:49 - 2014-07-09 09:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-10-16 18:49 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-16 18:47 - 2014-09-18 13:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-16 18:47 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-16 18:46 - 2014-09-24 15:02 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-16 18:46 - 2014-09-24 15:02 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-16 18:46 - 2014-09-24 15:02 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 12288512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 09056768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-10-16 18:46 - 2014-09-24 15:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-16 18:46 - 2014-09-24 15:00 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-10-16 18:46 - 2014-09-24 15:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-10-16 18:46 - 2014-09-24 14:59 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-16 18:46 - 2014-09-24 14:59 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-16 18:46 - 2014-09-24 14:40 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 06025728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 01266688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-10-16 18:46 - 2014-09-24 14:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-16 18:46 - 2014-09-24 14:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-10-16 18:46 - 2014-09-24 14:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-10-16 18:46 - 2014-09-24 14:37 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-16 18:46 - 2014-09-24 14:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-16 18:46 - 2014-09-24 12:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-16 18:46 - 2014-09-24 11:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-16 18:46 - 2014-09-04 16:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-16 18:46 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-16 18:45 - 2014-07-17 13:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-16 18:45 - 2014-07-17 13:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-16 18:45 - 2014-07-17 13:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-16 18:45 - 2014-07-17 13:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-16 18:45 - 2014-07-17 13:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-16 18:45 - 2014-07-17 13:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-16 18:45 - 2014-07-17 13:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-16 18:45 - 2014-07-17 13:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-16 18:45 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-16 18:45 - 2014-07-17 12:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-16 18:45 - 2014-07-17 12:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-16 18:45 - 2014-07-17 12:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-16 18:45 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-16 18:45 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-16 18:45 - 2014-07-17 12:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-16 18:45 - 2014-07-17 12:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-16 18:41 - 2014-09-13 12:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-16 18:41 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-15 01:54 - 2014-10-15 02:06 - 01423110 ____N () C:\Windows\Minidump\101514-22604-01.dmp
    2014-10-13 23:58 - 2014-10-14 21:26 - 00000000 ____D () C:\Users\SJ Tan\Desktop\New folder
    2014-10-13 20:22 - 2014-10-13 20:22 - 00626514 ____N () C:\Windows\Minidump\101314-26223-01.dmp
    2014-10-13 19:02 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Xoxeido
    2014-10-13 19:02 - 2014-10-13 19:02 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 2954155310
    2014-10-11 23:58 - 2014-10-11 23:58 - 01556385 ____N () C:\Windows\Minidump\101114-42089-01.dmp
    2014-10-11 01:55 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Beizuvux
    2014-10-11 01:55 - 2014-10-11 01:55 - 00003824 _____ () C:\Windows\System32\Tasks\Security Center Update - 4139511517
    2014-10-08 02:06 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Vyviezt
    2014-10-08 02:06 - 2014-10-08 02:06 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3323389597
    2014-10-06 13:03 - 2014-10-06 13:46 - 01691689 ____N () C:\Windows\Minidump\100614-28298-01.dmp
    2014-10-06 01:54 - 2014-11-02 00:25 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Xibiob
    2014-10-06 01:54 - 2014-10-06 01:54 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1895530081
    2014-10-05 22:29 - 2014-10-05 22:29 - 00000000 _____ () C:\Windows\SysWOW64\nse8E54.tmp
    2014-10-05 22:29 - 2014-10-05 22:29 - 00000000 _____ () C:\Windows\system32\nsu925B.tmp
    2014-10-04 01:41 - 2014-10-04 01:41 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 3751270481
    2014-10-03 01:00 - 2014-10-03 01:00 - 00000077 _____ () C:\Windows\SysWOW64\0d67225a-76ea-4b3c-92f1-d74ccaf22438.19.lrf
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-02 01:13 - 2014-07-16 22:22 - 00000000 ____D () C:\ProgramData\QvodPlayer
    2014-11-02 01:03 - 2014-09-24 11:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-02 01:00 - 2010-10-07 09:02 - 00000000 ____D () C:\DELL
    2014-11-02 00:51 - 2014-09-19 01:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-02 00:34 - 2009-07-14 15:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-02 00:34 - 2009-07-14 15:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-02 00:31 - 2014-09-16 22:30 - 02057007 _____ () C:\Windows\WindowsUpdate.log
    2014-11-02 00:29 - 2012-12-09 18:05 - 00000954 _____ () C:\Users\SJ Tan\AppData\Roaming\coreavc.ini
    2014-11-02 00:27 - 2013-07-14 21:59 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Dropbox
    2014-11-02 00:26 - 2014-09-19 12:14 - 01108017 _____ () C:\Windows\setupact.log
    2014-11-02 00:26 - 2014-09-19 12:13 - 00223404 _____ () C:\Windows\PFRO.log
    2014-11-02 00:26 - 2014-09-19 01:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-02 00:26 - 2014-09-16 22:06 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-11-02 00:26 - 2014-09-16 22:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-11-02 00:26 - 2010-10-07 06:48 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-11-02 00:26 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-02 00:25 - 2014-10-02 01:27 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Puivboi
    2014-11-02 00:25 - 2014-09-30 01:09 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Coytiti
    2014-11-02 00:25 - 2014-09-28 01:06 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Saasroon
    2014-11-02 00:25 - 2014-09-26 00:56 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Timiucny
    2014-11-02 00:25 - 2014-09-25 01:14 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Ebnuqyby
    2014-11-02 00:25 - 2014-09-24 00:52 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Rionroeg
    2014-11-02 00:25 - 2014-09-22 00:52 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Akdiwyzu
    2014-11-02 00:22 - 2014-09-15 03:30 - 00000000 ____D () C:\Users\SJ Tan\AppData\Local\YWKPack
    2014-11-02 00:22 - 2014-09-15 03:14 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Osfeaha
    2014-11-02 00:22 - 2014-09-15 03:14 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Accokimy
    2014-11-02 00:22 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\Performance
    2014-11-02 00:00 - 2014-09-28 01:03 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Ilboaho
    2014-11-02 00:00 - 2014-09-26 00:56 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Afpaelb
    2014-11-02 00:00 - 2014-09-24 00:52 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Lytyos
    2014-11-02 00:00 - 2014-09-22 00:52 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Fuicolc
    2014-11-01 23:59 - 2014-07-16 13:18 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\BitTorrent
    2014-11-01 23:43 - 2012-11-27 14:14 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Adobe
    2014-11-01 23:32 - 2009-07-14 16:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-01 23:31 - 2013-10-13 15:41 - 00000000 ____D () C:\AdwCleaner
    2014-11-01 23:02 - 2009-07-14 14:20 - 00000000 __RHD () C:\Users\Default
    2014-11-01 22:57 - 2009-07-14 13:34 - 00000215 _____ () C:\Windows\system.ini
    2014-11-01 22:55 - 2009-07-14 13:34 - 74973184 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2014-11-01 22:55 - 2009-07-14 13:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
    2014-11-01 22:55 - 2009-07-14 13:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2014-11-01 22:55 - 2009-07-14 13:34 - 00053248 _____ () C:\Windows\system32\config\SAM.bak
    2014-11-01 22:55 - 2009-07-14 13:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
    2014-11-01 22:29 - 2014-09-17 19:11 - 00000000 __SHD () C:\Users\SJ Tan\AppData\Roaming\sdbiwwss
    2014-11-01 22:29 - 2012-12-11 00:04 - 00000000 ____D () C:\FavoriteVideo
    2014-11-01 16:15 - 2014-09-16 21:36 - 00000000 ____D () C:\Users\SJ Tan
    2014-11-01 13:26 - 2014-09-17 21:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-11-01 12:48 - 2013-10-13 13:47 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-01 12:46 - 2014-09-19 01:54 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-01 12:46 - 2013-10-13 13:47 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-01 11:45 - 2014-09-17 01:44 - 00000000 ____D () C:\Media
    2014-10-30 00:50 - 2014-09-15 03:45 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2014-10-29 22:14 - 2014-09-16 22:39 - 00000993 _____ () C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-10-28 20:14 - 2014-09-17 01:30 - 00000000 ____D () C:\Windows\Minidump
    2014-10-28 06:34 - 2010-11-21 14:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-25 14:24 - 2014-07-10 19:32 - 00000000 ____D () C:\Users\SJ Tan\AppData\Local\Adobe
    2014-10-25 14:23 - 2014-09-24 11:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-25 14:23 - 2014-09-24 11:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-25 14:23 - 2014-09-24 11:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-10-25 11:25 - 2014-09-16 22:39 - 00001445 _____ () C:\Users\SJ Tan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-10-25 10:58 - 2014-09-17 20:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-10-25 01:22 - 2012-11-29 03:50 - 00000000 ____D () C:\Users\SJ Tan\AppData\Local\Google
    2014-10-23 21:15 - 2012-12-01 22:55 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Audacity
    2014-10-22 16:52 - 2014-09-22 23:32 - 00000000 ___HD () C:\Users\SJ Tan\AppData\Roaming\7FDF5E70
    2014-10-19 01:24 - 2009-07-14 16:13 - 00006346 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-18 17:45 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-17 23:20 - 2009-07-14 15:45 - 00430616 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-17 23:18 - 2014-09-18 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-14 17:11 - 2014-09-17 20:16 - 00003050 _____ () C:\Windows\System32\Tasks\{260C40DA-23E3-0908-CD48-4F5A06181D1A}
    2014-10-13 22:24 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-11 20:00 - 2010-10-07 06:54 - 00000000 ____D () C:\ProgramData\Skype
    2014-10-08 23:43 - 2012-11-29 03:49 - 00000000 ____D () C:\Users\SJ Tan\AppData\Roaming\Skype
    2014-10-04 01:00 - 2014-10-02 20:57 - 00000000 ____D () C:\ProgramData\Apple
    2014-10-04 00:49 - 2014-10-02 21:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
     
    Some content of TEMP:
    ====================
    C:\Users\SJ Tan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps8amp9.dll
    C:\Users\SJ Tan\AppData\Local\Temp\Quarantine.exe
    C:\Users\SJ Tan\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-18 17:38
     
    ==================== End Of Log ============================


    #15 suojun

    suojun
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:05:19 PM

    Posted 01 November 2014 - 09:42 AM

    umm i am not sure what Sensible Vision is. judging from the date of some files in it, i think it came with the laptop.


    Edited by suojun, 01 November 2014 - 09:43 AM.





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users