
I don't know if I'm infected, but I believe I am! Please help!


23 replies to this topic

#1 itzelmo

itzelmo

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 28 June 2015 - 02:33 PM

Hello, I recently downloaded something and I really regret it for being so stupid. Aside from that, it's on my friend's laptop. I REALLY need help!

Here's my virus report:

https://anubis.iseclab.org/?action=result&task_id=1328c22bf9668209461a5d62e12906853&format=html or https://anubis.iseclab.org/?action=result&task_id=1328c22bf9668209461a5d62e12906853&format=txt

PS: Sorry, I don't know about those "logs" you guys posted, but also NONE of my virus scanners was able to pick this virus up. I uninstalled Java, deleted the iexplorer.exe from my Program Files, but I don't feel safe with my registry key, please help!!!

Edit: VirusTotal scan link if you guys don't trust the one above:

https://www.virustotal.com/en/file/ddd679d3cb0a4fe3247ba31f23fb1c02168e4b09f5d16f5271c859b5f0e194f4/analysis/1435517342/


Edited by itzelmo, 28 June 2015 - 02:35 PM.



 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:07:40 AM

Posted 28 June 2015 - 03:07 PM

Hello itzelmo, and welcome to BC! :thumbsup:

 

The links you provided are perfectly legitimate, and the Virustotal report is completely clean...What registry key are you mentioning, and what problems are you experiencing currently?

 

After answering those questions above, would you still like me to check your computer for malware?

 

bloopie



#3 itzelmo


Posted 28 June 2015 - 03:11 PM


I'm worried about what that "iexplorer.exe" thing did to my computer & the registry keys. The Anubis report should show what registry key it changed, but I don't understand it; if you can look into it for me it would be nice. Also, did you take a look at the file detail/additional information on VirusTotal?

Edit: Also, yes, I would like you to check my computer for malware. Thanks in advance!


Edited by itzelmo, 28 June 2015 - 03:29 PM.


#4 bloopie


Posted 28 June 2015 - 03:36 PM

Hello again,
 
Of course I've read the Additional Information on Virustotal. Do you know what iexplorer.exe actually is? :wink:
 
Also, when you see the following in Virustotal, that means that you have "0" detections out of 55 Antivirus solutions that have scanned and approved that file:
[Image: 0detections.png]

==========

But not to worry, I will still have a look at your machine, please stand by...at your request I will now move your topic to the Malware Removal Logs Forum and post the next instructions for you so that we can get some logs to have a look at. :)

In the meantime, you haven't answered my question about what problems you are experiencing currently...could you please answer that now for me? :)

bloopie

#5 itzelmo


Posted 28 June 2015 - 03:41 PM


I have no problems aside from that "PKBN.exe" being added to my Startups after opening a file. But I saw that it required Java, so I uninstalled it right away, and today when I turned on my laptop, it had a popup saying "This application requires a Java Runtime Environment 1.8.0", so then I opened Task Manager and found out that file was in the Startups. Other than that, it was STEALTH yesterday, because I also, like you, thought it was a clean scan.

Here's the virus scan of the file I opened that brought "PKBN.exe" alive: https://www.virustotal.com/en/file/d3179554a74869e743d03041707ee89aff99ef0c76e86cd286b8c12874a99327/analysis/1435524037/

Edit: Also, I'm really paranoid since the laptop isn't mine. I'm scared that the details of this laptop's owner may get stolen, since he has some stuff logged on.

Oh, and for the "iexplorer.exe", I know what it is, but I was just afraid it silently downloaded something malicious without me knowing, since the registry has been changed on IE.


Edited by itzelmo, 28 June 2015 - 03:52 PM.


#6 bloopie


Posted 28 June 2015 - 03:52 PM

Okay, thanks for answering! I think you're okay, but we'll check anyway... :)

Now that I've moved the topic...please have a look at this speech that I post for all of the people that I help...if a question or statement does not apply (such as the first question..."If you have since resolved the original problem...", that one obviously doesn't apply :wink: ) then simply move on to the next one:

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!
==========

Okay, now let's get some logs to have a look at:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Please let me know if you have any trouble with the above steps! :)

bloopie

#7 itzelmo


Posted 28 June 2015 - 03:55 PM

Okay, I'm currently downloading the tool right now. Also, I don't have the Windows CD/DVD since this isn't my laptop.

Edit: Currently scanning.


Edited by itzelmo, 28 June 2015 - 03:57 PM.


#8 bloopie


Posted 28 June 2015 - 04:08 PM

Okay, thanks for letting me know! :)

Post the logs here when complete.

bloopie

#9 itzelmo


Posted 28 June 2015 - 04:25 PM

Okay, it's all done, and I should be thanking you for helping me instead. :)

I can't post the log; whenever I click post, it says "You do not have permission for that action."

Seems like it was the Chinese letters that weren't giving me permission to post the WHOLE thing standalone.


Edited by itzelmo, 28 June 2015 - 04:43 PM.


#10 itzelmo


Posted 28 June 2015 - 04:31 PM

FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by jiank (administrator) on ALEX on 28-06-2015 13:57:00
Running from C:\Users\jiank\Desktop\Virus sanners
Loaded Profiles: jiank & lijas_000 (Available Profiles: jiank & lijas_000)
Platform: Windows 8.1 (X64) OS Language: Chinese (Simplified, China)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
(Kingsoft Corporation) C:\Users\jiank\AppData\Local\liebao\5.2.91.10096\knbcenter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\ksafe\KSafeSvc.exe
(MyDrivers.com) C:\Program Files (x86)\MyDrivers\DriverGenius2013\dgservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\ksafe\KSafeTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kwsprotect64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksgamepro.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.247\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.31\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.149\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [1528232 2015-06-23] (Kingsoft Corporation)
HKLM-x32\...\Run: [KSafeTray] => c:\program files (x86)\kingsoft\ksafe\KSafeTray.exe [76440 2014-11-12] (Kingsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-2728678769-1798011253-2640574055-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2728678769-1798011253-2640574055-1001\...\Policies\Explorer: [nolowdiskspacechecks] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2728678769-1798011253-2640574055-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=EUPP_ASJB
HKU\S-1-5-21-2728678769-1798011253-2640574055-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-2728678769-1798011253-2640574055-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-2728678769-1798011253-2640574055-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://cn.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://cn.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKU\.DEFAULT -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_4_dg&ch=2&ie=utf-8
SearchScopes: HKU\S-1-5-21-2728678769-1798011253-2640574055-1001 -> DefaultScope {44177982-996D-4b79-B29F-5B60E13A5169} URL = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_4_dg&ch=2&ie=utf-8
SearchScopes: HKU\S-1-5-21-2728678769-1798011253-2640574055-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_4_dg&ch=2&ie=utf-8
SearchScopes: HKU\S-1-5-21-2728678769-1798011253-2640574055-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2728678769-1798011253-2640574055-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\jiank\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2014-11-12] (Tencent)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{603E225A-30A8-493A-B83A-CCB734C33B1C}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BD4CB4E6-B891-41AF-A7D9-3573F56EA18F}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [2014-09-10] (Kingsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2014-11-12] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2014-08-29] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.94\Bin\npSSOAxCtrlForPTLogin.dll [2014-10-22] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-09-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-09-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/webhp?hl=en&tab=ww", "hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9830BD30-B585-48A3-B666-93D6C30A4E33&SSPV="
CHR Profile: C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (优酷一键通) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\alddjbjplgobbllfolehibiclbhmomla [2014-09-10]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2015-05-24]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhapiedbmffnpkahkcjdjpikmodjipmd [2014-09-10]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-10]
CHR Extension: (AdBlock) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-12]
CHR Extension: (声海盗) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\idleenniidjlnmnjkjmmnocnkmjibadd [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-10]
CHR Extension: (Unblock Youku) - C:\Users\jiank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [efbncjlebdihjkdedfcajhfepaapbioa] - c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.crx [2014-09-10]

Edited by itzelmo, 28 June 2015 - 04:48 PM.


#11 itzelmo


Posted 28 June 2015 - 04:32 PM

 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0232571435362210mcinstcleanup; C:\Users\jiank\AppData\Local\Temp\023257~1.EXE [851136 2014-08-08] (McAfee, Inc.)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
S3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 dg597; C:\Windows\SysWOW64\dg597\dg597.dll [125296 2015-05-23] ()
R3 dgpnpsev; c:\program files (x86)\Mydrivers\DriverGenius2013\DgService.exe [330064 2015-05-23] (MyDrivers.com)
S3 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-06-10] (ELAN Microelectronics Corp.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2014-12-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 knbcenter; C:\Users\jiank\AppData\Local\liebao\5.2.91.10096\knbcenter.exe [827728 2015-05-23] (Kingsoft Corporation)
R2 KSafeSvc; c:\program files (x86)\kingsoft\ksafe\KSafeSvc.exe [203928 2014-11-12] (Kingsoft Corporation)
R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [284112 2015-05-23] (Kingsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.4.0.4382\SogouUpdate.exe [256104 2014-11-26] (Sogou.com Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [285152 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [33128 2015-04-14] (Kingsoft Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S2 DgSafe; C:\Windows\System32\drivers\DgSafe.sys [470800 2014-11-19] (MyDrivers.com)
S2 DgSafe; C:\Windows\SysWOW64\drivers\DgSafe.sys [470800 2014-09-17] (MyDrivers.com)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc64.sys [31848 2014-09-10] (Kingsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [190792 2015-05-23] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [229192 2015-05-23] (Kingsoft Corporation)
R1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys [109880 2014-09-10] (Kingsoft Corporation)
R1 kmodurl; c:\program files (x86)\kingsoft\ksafe\kmodurl64.sys [128208 2014-11-12] (Kingsoft Corporation)
R3 knbdrv; C:\Windows\system32\drivers\KNBDrv.sys [102704 2015-05-23] (Kingsoft Corporation)
R0 ksafebootsafe; C:\Windows\System32\Drivers\ksafebootsafe64.sys [30056 2014-11-12] (Kingsoft Corporation)
S2 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-09-10] (Kingsoft Corporation)
R3 ksfmonsys; C:\Program Files (x86)\kingsoft\ksafe\ksfmonsys64.sys [22592 2014-11-12] (Kingsoft Corporation)
R4 KUsbGuard; c:\program files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys [18296 2014-09-10] (Kingsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows ® Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [553176 2014-10-09] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-20] (Razer Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 HWiNFO32; \??\C:\Users\jiank\AppData\Local\Temp\Mydrivers64A.SYS [X]
U0 msahci; system32\drivers\msahci.sys

Edited by itzelmo, 28 June 2015 - 04:48 PM.


#12 itzelmo

Posted 28 June 2015 - 04:37 PM

==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVCx32: dg597 -> C:\Windows\SysWOW64\dg597\dg597.dll ()
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 13:56 - 2015-06-28 13:57 - 00000000 ____D C:\Users\jiank\Desktop\Virus sanners
2015-06-28 13:56 - 2015-06-28 13:57 - 00000000 ____D C:\FRST
2015-06-28 12:03 - 2015-06-28 12:03 - 00000000 ____D C:\ProgramData\Avg_Update_0215pit
2015-06-28 12:00 - 2015-06-28 12:00 - 00000000 ____D C:\Users\jiank\AppData\Roaming\AVG2015
2015-06-28 11:59 - 2015-06-28 12:00 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-28 11:59 - 2015-06-28 11:59 - 00000983 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-28 11:59 - 2015-06-28 11:59 - 00000000 ___HD C:\$AVG
2015-06-28 11:59 - 2015-06-28 11:59 - 00000000 ____D C:\Users\jiank\AppData\Roaming\TuneUp Software
2015-06-28 11:59 - 2015-06-28 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-28 11:59 - 2015-06-28 11:59 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-28 11:58 - 2015-06-28 11:58 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-28 11:56 - 2015-06-28 14:17 - 00000000 ____D C:\ProgramData\MFAData
2015-06-28 11:56 - 2015-06-28 12:06 - 00000000 ____D C:\Users\jiank\AppData\Local\Avg2015
2015-06-28 11:56 - 2015-06-28 11:56 - 05017176 _____ (AVG Technologies) C:\Users\jiank\Downloads\avg_avc_stb_all_2015_ltst_197.exe
2015-06-28 11:56 - 2015-06-28 11:56 - 00000000 ____D C:\Users\jiank\AppData\Local\MFAData
2015-06-26 15:54 - 2015-06-26 15:54 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2015-06-26 15:54 - 2015-06-26 15:54 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-06-26 15:13 - 2015-06-28 13:13 - 00374702 _____ C:\Windows\WindowsUpdate.log
2015-06-26 15:11 - 2015-06-26 15:11 - 00002120 _____ C:\Windows\PFRO.log
2015-06-26 15:11 - 2015-06-26 15:11 - 00000116 _____ C:\Windows\setupact.log
2015-06-26 15:11 - 2015-06-26 15:11 - 00000000 _____ C:\Windows\setuperr.log
2015-06-26 15:09 - 2015-06-28 11:46 - 00000000 ____D C:\Users\jiank\AppData\Local\CrashDumps
2015-06-26 14:38 - 2015-06-28 11:44 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-26 14:38 - 2015-06-26 14:39 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-26 14:38 - 2015-06-26 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-26 14:38 - 2015-06-26 14:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-26 14:38 - 2015-06-26 14:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-26 14:38 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-26 14:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-26 14:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-26 14:36 - 2015-06-26 14:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\jiank\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-26 14:12 - 2015-06-26 14:12 - 00000000 ____D C:\ProgramData\Sun
2015-06-26 14:12 - 2015-06-26 14:12 - 00000000 ____D C:\ProgramData\Oracle
2015-06-26 14:11 - 2015-06-26 14:11 - 00562272 _____ (Oracle Corporation) C:\Users\jiank\Downloads\chromeinstall-8u45.exe
2015-06-26 12:46 - 2015-06-27 14:55 - 00047736 _____ C:\Users\jiank\Desktop\baeaf.veg
2015-06-26 12:46 - 2015-06-26 13:59 - 00047848 _____ C:\Users\jiank\Desktop\baeaf.veg.bak
2015-06-26 12:30 - 2015-06-26 12:30 - 00000000 ____D C:\Users\jiank\Desktop\CLIPS
2015-06-26 12:27 - 2015-06-26 12:28 - 00273880 _____ C:\Users\jiank\Downloads\steelix_-_saturn[www.MP3Fiber.com].mp3.sfk
2015-06-26 12:27 - 2015-06-26 12:27 - 00045264 _____ C:\Users\jiank\Downloads\real life clip.mp4.sfk
2015-06-26 12:15 - 2015-06-26 12:19 - 120914932 _____ C:\Users\jiank\Downloads\real life clip.mp4
2015-06-26 00:04 - 2015-06-26 00:05 - 135795609 _____ C:\Users\jiank\Downloads\Forever Clips And Cins.zip
2015-06-25 12:17 - 2015-06-25 12:17 - 00000000 ____D C:\Users\jiank\Documents\OFX Presets
2015-06-24 23:51 - 2015-06-24 23:56 - 00165448 _____ C:\Users\jiank\Downloads\XXYYXX_-_Closer_Soundpalette_Flip[www.MP3Fiber.com].mp3.sfk
2015-06-23 23:26 - 2015-06-23 23:27 - 00173944 _____ C:\Users\jiank\Downloads\Mr_Carmack_-_Aint_Loyal_Oshis_Version[www.MP3Fiber.com].mp3.sfk
2015-06-23 19:49 - 2015-06-23 19:52 - 24753420 _____ C:\Users\jiank\Documents\FIRST ONE BABY.mp4
2015-06-23 18:09 - 2015-06-23 18:11 - 00345992 _____ C:\Users\jiank\Downloads\Ariana_Grande_The_Weeknd_-_Love_Me_Harder[www.MP3Fiber.com].mp3.sfk
2015-06-23 18:01 - 2015-06-24 23:40 - 00000000 ____D C:\Users\jiank\Desktop\Replays
2015-06-23 17:58 - 2015-06-23 17:58 - 00803827 _____ C:\Users\jiank\Downloads\SkinSpotlightsReplays-2.0.0.13.zip
2015-06-23 17:13 - 2015-06-23 17:13 - 00000000 ____D C:\Users\jiank\Desktop\avifrate
2015-06-23 17:01 - 2015-06-23 17:01 - 00000582 _____ C:\Users\jiank\Desktop\Fraps.lnk
2015-06-23 17:01 - 2015-06-23 17:01 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2015-06-23 14:52 - 2015-06-23 14:52 - 00000000 ____D C:\Users\jiank\AppData\Local\Activision
2015-06-23 13:46 - 2015-06-23 13:46 - 00000221 _____ C:\Users\jiank\Desktop\Call of Duty Black Ops - Multiplayer.url
2015-06-23 13:24 - 2015-06-17 02:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 13:24 - 2015-06-17 02:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 13:24 - 2015-06-17 02:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-21 16:46 - 2015-06-21 16:46 - 00000000 ____D C:\Users\lijas_000\AppData\Local\GWX
2015-06-20 22:43 - 2015-06-20 23:18 - 00000000 ____D C:\Users\jiank\Documents\Vindictus
2015-06-18 15:06 - 2015-06-20 22:50 - 00000000 ____D C:\ProgramData\NexonUS
2015-06-18 15:06 - 2015-06-18 15:06 - 00000000 ____D C:\ProgramData\Nexon
2015-06-18 15:04 - 2015-06-18 15:04 - 00002220 _____ C:\Users\jiank\Desktop\Combat Arms.lnk
2015-06-18 15:04 - 2015-06-18 15:04 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2015-06-18 14:45 - 2015-06-18 14:45 - 00000000 ____D C:\Nexon
2015-06-18 14:39 - 2015-06-22 14:43 - 00000000 ____D C:\Users\jiank\AppData\Local\NexonLauncher
2015-06-18 14:39 - 2015-06-18 14:45 - 00000000 ____D C:\Users\jiank\AppData\Roaming\NexonLauncher
2015-06-18 14:38 - 2015-06-18 14:38 - 10278352 _____ C:\Users\jiank\Downloads\NexonLauncherSetup.exe
2015-06-18 14:38 - 2015-06-18 14:38 - 00002101 _____ C:\Users\jiank\Desktop\Nexon Launcher.lnk
2015-06-18 14:38 - 2015-06-18 14:38 - 00000000 ____D C:\Program Files (x86)\Nexon
2015-06-17 21:15 - 2015-06-17 02:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 21:15 - 2015-06-17 02:10 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 16:38 - 2015-06-17 16:38 - 00003170 _____ C:\Windows\System32\Tasks\{85E57386-8953-47FE-9F28-DA2F6C09B74E}
2015-06-16 19:09 - 2015-06-16 19:09 - 00211296 _____ C:\ProgramData\UpdateDetectPCMgrDLLEx_0611.exe
2015-06-16 19:08 - 2015-06-16 19:09 - 00092320 _____ C:\ProgramData\UpdateDetectPCMgrDLLEx_0611.exe.20150616.dat
2015-06-16 19:08 - 2015-06-16 19:08 - 01116512 _____ C:\ProgramData\DetectPCMgrDLLEx.dll
2015-06-16 19:08 - 2015-06-16 19:08 - 00549361 _____ C:\ProgramData\DetectPCMgrDLLEx.dll.20150616.dat
2015-06-16 14:51 - 2015-06-16 14:51 - 00002327 _____ C:\Users\Public\Desktop\金山猎豹游戏中心.lnk
2015-06-16 14:38 - 2015-04-08 17:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-06-16 14:38 - 2015-04-08 17:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-06-16 14:33 - 2015-06-16 14:35 - 283201840 _____ (NVIDIA Corporation) C:\Users\jiank\Downloads\350.12-notebook-win8-win7-64bit-international-whql.exe
2015-06-16 13:37 - 2015-06-16 13:38 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\dg
2015-06-15 23:42 - 2015-06-15 23:42 - 00001399 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-15 23:41 - 2015-06-15 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-15 23:41 - 2015-06-03 14:04 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-15 23:41 - 2015-06-03 14:04 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-15 23:41 - 2015-06-03 14:04 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-15 23:41 - 2015-06-03 14:04 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-15 23:41 - 2015-05-18 20:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-15 23:41 - 2015-05-18 20:14 - 00061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-06-15 23:41 - 2015-05-18 20:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-15 23:39 - 2015-06-15 23:40 - 36802944 _____ (NVIDIA Corporation) C:\Users\jiank\Downloads\GeForce_Experience_v2.4.5.44.exe
2015-06-15 14:17 - 2015-06-17 02:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-15 14:17 - 2015-05-28 00:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-15 14:17 - 2015-05-28 00:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-14 19:08 - 2015-06-14 19:23 - 72876209 _____ C:\Users\lijas_000\Desktop\YOURERIGHT.mp4
2015-06-14 18:17 - 2015-06-14 18:38 - 00003144 _____ C:\Users\lijas_000\Downloads\Intro V2.mov.sfk
2015-06-14 18:17 - 2015-06-14 18:17 - 05213161 _____ C:\Users\lijas_000\Downloads\Intro V2.mov
2015-06-14 15:41 - 2015-06-14 16:50 - 00001904 _____ C:\Users\lijas_000\Downloads\Swoosh.sfk
2015-06-14 15:41 - 2015-06-14 15:41 - 00240770 _____ C:\Users\lijas_000\Downloads\Swoosh.wav
2015-06-14 14:51 - 2015-06-14 14:54 - 00325720 _____ C:\Users\lijas_000\Downloads\The_Neighbourhood_-_icanteven_Audio_ft_French_Montana[www.MP3Fiber.com].mp3.sfk
2015-06-14 14:25 - 2015-06-26 14:18 - 00000000 ____D C:\Users\lijas_000\Desktop\OCC Week 188 300fps
2015-06-13 21:36 - 2015-06-13 22:08 - 00347464 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-06-13 21:36 - 2015-06-13 21:36 - 00000000 ____D C:\Users\jiank\AppData\Local\PunkBuster
2015-06-13 21:18 - 2015-06-13 21:49 - 00281288 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-13 14:34 - 2015-06-21 17:00 - 00000048 _____ C:\Users\lijas_000\jagex_cl_oldschool_LIVE.dat
2015-06-13 14:34 - 2015-06-13 15:07 - 00000024 ____R C:\Users\lijas_000\random.dat
2015-06-13 14:34 - 2015-06-13 14:34 - 00000000 ____D C:\Users\lijas_000\jagexcache
2015-06-13 14:32 - 2015-06-21 17:00 - 00000000 ____D C:\Users\lijas_000\OSBuddy
2015-06-13 14:32 - 2015-06-13 14:32 - 00881112 _____ C:\Users\lijas_000\Downloads\OSBuddy.exe
2015-06-12 21:59 - 2015-06-12 22:00 - 00345992 _____ C:\Users\lijas_000\Downloads\Ariana_Grande_The_Weeknd_-_Love_Me_Harder[www.MP3Fiber.com].mp3.sfk
2015-06-12 21:38 - 2015-06-12 21:41 - 00320216 _____ C:\Users\lijas_000\Downloads\Gravity_-_Against_The_Current_Official_Music_Video[www.MP3Fiber.com].mp3.sfk
2015-06-12 20:24 - 2015-06-15 23:26 - 00000000 ____D C:\Users\lijas_000\Desktop\LeagueReplay
2015-06-12 14:17 - 2015-06-12 14:17 - 00001340 _____ C:\Users\lijas_000\Desktop\OBS - Shortcut.lnk
2015-06-11 16:53 - 2015-06-11 16:53 - 00001274 _____ C:\Users\lijas_000\Desktop\OBS.lnk
2015-06-11 16:50 - 2015-06-21 22:16 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\OBS
2015-06-11 16:49 - 2015-06-11 16:49 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Macromedia
2015-06-11 16:48 - 2015-06-11 16:48 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\LolClient
2015-06-11 16:43 - 2015-06-11 16:43 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Sony Creative Software Inc
2015-06-11 16:23 - 2015-06-11 20:30 - 00000000 ____D C:\Users\lijas_000\Documents\OFX Presets
2015-06-11 14:31 - 2015-06-11 14:35 - 00327776 _____ C:\Users\lijas_000\Downloads\you_can_be_king_again[www.MP3Fiber.com].mp3.sfk
2015-06-11 14:01 - 2015-06-23 13:26 - 00000000 ____D C:\temp
2015-06-11 14:00 - 2015-06-15 23:26 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2015-06-11 14:00 - 2015-06-11 14:03 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Red Giant Link
2015-06-11 14:00 - 2015-06-11 14:02 - 00000000 ____D C:\Users\lijas_000\AppData\Local\LooksBuilder
2015-06-11 13:55 - 2015-06-11 13:55 - 00000000 ____D C:\ProgramData\RedGiant
2015-06-11 13:54 - 2015-06-11 13:54 - 00000000 ____D C:\Users\lijas_000\AppData\Local\Downloaded Installations
2015-06-11 13:48 - 2015-06-11 13:49 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\NVIDIA
2015-06-11 13:48 - 2015-06-11 13:48 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Publish Providers
2015-06-11 13:47 - 2015-06-11 20:35 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Sony
2015-06-11 13:47 - 2015-06-11 13:47 - 00000000 ____D C:\Users\lijas_000\AppData\Local\Sony
2015-06-11 13:42 - 2015-06-11 13:42 - 00000000 ____D C:\Program Files\Common Files\OFX
2015-06-11 13:41 - 2015-06-15 23:25 - 00000000 ____D C:\Program Files (x86)\GenArts
2015-06-11 13:41 - 2015-06-11 13:41 - 00000103 _____ C:\Windows\MSUTIL.INI
2015-06-11 13:41 - 2015-06-11 13:41 - 00000000 ____D C:\ProgramData\GenArts
2015-06-11 13:39 - 2015-06-11 13:39 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\WinRAR
2015-06-11 13:34 - 2015-06-11 13:34 - 00000953 _____ C:\Users\jiank\Desktop\Open Broadcaster Software.lnk
2015-06-11 13:33 - 2015-06-11 13:33 - 07072745 _____ C:\Users\lijas_000\Downloads\OBS_0_651b_Installer.exe


#13 itzelmo

Posted 28 June 2015 - 04:39 PM

2015-06-11 13:18 - 2015-06-11 13:18 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\WebStorage
2015-06-11 12:56 - 2015-06-17 19:34 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2728678769-1798011253-2640574055-1004
2015-06-11 12:56 - 2015-06-11 12:56 - 00000000 ____D C:\Users\lijas_000\AppData\Local\Steam
2015-06-11 12:55 - 2015-06-15 14:31 - 00000000 ____D C:\Users\lijas_000\AppData\Local\CrashDumps
2015-06-10 23:19 - 2015-06-27 23:19 - 00000000 ____D C:\Users\jiank\AppData\Roaming\OBS
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-06-10 20:22 - 2015-06-25 12:58 - 00000000 ____D C:\Users\lijas_000\OneDrive
2015-06-10 20:21 - 2015-06-11 13:01 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\kingsoft
2015-06-10 20:19 - 2015-06-10 20:19 - 00000000 ____D C:\Users\lijas_000\Documents\Bluetooth Folder
2015-06-10 20:19 - 2015-06-10 20:19 - 00000000 ____D C:\Users\lijas_000\AppData\Local\BMExplorer
2015-06-10 20:18 - 2015-06-10 20:18 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Atheros
2015-06-10 20:17 - 2015-06-15 13:49 - 00000000 ____D C:\Users\lijas_000\AppData\Local\NVIDIA Corporation
2015-06-10 20:16 - 2015-06-25 12:58 - 00000092 _____ C:\Users\lijas_000\AppData\Roaming\sp_data.sys
2015-06-10 20:16 - 2015-06-15 13:47 - 00000000 ____D C:\Users\lijas_000\AppData\Local\NVIDIA
2015-06-10 20:15 - 2015-06-26 14:55 - 00000000 ____D C:\Users\lijas_000
2015-06-10 20:15 - 2015-06-11 13:29 - 00000000 ____D C:\Users\lijas_000\AppData\Local\Packages
2015-06-10 20:15 - 2015-06-11 13:21 - 00000000 ____D C:\Users\lijas_000\AppData\Local\Google
2015-06-10 20:15 - 2015-06-11 13:01 - 00002253 _____ C:\Users\lijas_000\Desktop\Google Chrome.lnk
2015-06-10 20:15 - 2015-06-10 20:19 - 00000000 ____D C:\Users\lijas_000\AppData\Local\VirtualStore
2015-06-10 20:15 - 2015-06-10 20:15 - 00001372 _____ C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-10 20:15 - 2015-06-10 20:15 - 00000020 ___SH C:\Users\lijas_000\ntuser.ini


#14 itzelmo

Posted 28 June 2015 - 04:40 PM

2015-06-10 20:15 - 2015-06-10 20:15 - 00000000 _SHDL C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2015-06-10 20:15 - 2015-06-10 20:15 - 00000000 _SHDL C:\Users\lijas_000\(chinese letters saying start/menu)
2015-06-10 20:15 - 2015-06-10 20:15 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Adobe
2015-06-10 20:15 - 2015-06-10 20:15 - 00000000 ____D C:\Users\lijas_000\AppData\Local\liebao

Edited by itzelmo, 28 June 2015 - 04:41 PM.


#15 itzelmo

Posted 28 June 2015 - 04:42 PM

2015-06-10 20:15 - 2015-06-10 20:15 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Adobe
2015-06-10 20:15 - 2015-06-10 20:15 - 00000000 ____D C:\Users\lijas_000\AppData\Local\liebao
2015-06-10 20:15 - 2015-06-01 23:56 - 00000000 ___RD C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-10 20:15 - 2015-06-01 23:56 - 00000000 ___RD C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-10 20:15 - 2015-06-01 23:56 - 00000000 ___RD C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-10 20:15 - 2014-03-18 03:13 - 00000369 _____ C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-10 20:15 - 2014-03-18 03:13 - 00000369 _____ C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-10 20:15 - 2013-08-22 08:36 - 00000000 ____D C:\Users\lijas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-10 20:10 - 2015-06-10 20:10 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Publish Providers
2015-06-10 20:08 - 2015-06-10 20:10 - 00000000 ____D C:\Users\jiank\AppData\Local\Sony
2015-06-10 20:08 - 2015-06-10 20:08 - 00000000 ____D C:\ProgramData\Sony
2015-06-10 20:08 - 2015-06-10 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-06-10 20:08 - 2015-06-10 20:08 - 00000000 ____D C:\Program Files\Sony
2015-06-10 20:08 - 2015-06-10 20:08 - 00000000 ____D C:\Program Files (x86)\Sony
2015-06-10 20:06 - 2015-06-26 14:18 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Sony
2015-06-09 18:08 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 18:08 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 18:08 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 18:08 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 18:08 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 18:08 - 2015-04-15 23:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 18:08 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 18:08 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 18:08 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 18:08 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 18:08 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 18:08 - 2015-04-08 15:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 18:08 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 18:08 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 18:08 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 18:08 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 18:08 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 18:08 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 18:08 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 18:08 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 18:08 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 18:08 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 18:08 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 18:08 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 18:08 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 18:08 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 18:08 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 18:08 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 18:08 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 18:08 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 18:08 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 18:08 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 18:08 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-09 18:07 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 18:07 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 18:07 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 18:07 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 18:07 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 18:07 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 18:07 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 18:07 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 18:07 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 18:07 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 18:07 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 18:07 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 18:07 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 18:07 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 18:07 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 18:07 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 18:07 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 18:07 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 18:07 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 18:07 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 18:07 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 18:07 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 18:07 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 18:07 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 18:07 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 18:07 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 18:07 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 18:07 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 18:07 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 18:07 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 18:07 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 18:07 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 18:07 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 18:07 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 18:07 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 18:07 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 18:07 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 18:07 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 18:07 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 18:07 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-08 22:28 - 2015-06-08 22:28 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-06-08 22:28 - 2015-06-08 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
2015-06-08 22:27 - 2015-06-08 22:27 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-06-08 22:26 - 2010-08-25 05:00 - 00361472 _____ (CANON INC.) C:\Windows\system32\CNMLMA9.DLL
2015-06-08 22:25 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) C:\Windows\system32\CNC495L.dll
2015-06-08 22:25 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC495L.dll
2015-06-08 22:25 - 2010-03-18 17:13 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC495C.dll
2015-06-08 22:25 - 2010-03-18 17:13 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC495I.dll
2015-06-08 22:25 - 2010-03-18 17:11 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC495U.dll
2015-06-08 22:25 - 2009-11-13 14:35 - 00012800 _____ C:\Windows\SysWOW64\CNC1747D.TBL
2015-06-08 22:25 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-06-08 22:25 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-06-08 16:59 - 2015-06-08 16:59 - 00007600 _____ C:\Users\jiank\AppData\Local\Resmon.ResmonCfg
2015-06-06 23:34 - 2015-06-06 23:34 - 00000000 ____D C:\Users\jiank\AppData\Local\GWX
2015-06-05 13:06 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 13:06 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 13:06 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 13:06 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 13:06 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 13:06 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 13:06 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 13:06 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-31 19:50 - 2015-05-31 19:50 - 00000000 ____D C:\ProgramData\Adobe
2015-05-31 19:19 - 2015-06-23 13:24 - 00000000 ____D C:\ProgramData\boost_interprocess
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 14:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-28 13:39 - 2014-09-10 20:48 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2728678769-1798011253-2640574055-1001
2015-06-28 13:35 - 2014-09-10 20:46 - 00000092 _____ C:\Users\jiank\AppData\Roaming\sp_data.sys
2015-06-28 12:03 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-28 11:59 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-28 11:48 - 2014-09-10 20:48 - 00000000 __RDO C:\Users\jiank\OneDrive
2015-06-28 11:44 - 2015-05-24 22:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 15:31 - 2014-09-17 18:33 - 00000030 _____ C:\Users\jiank\AppData\Roaming\fixcfg.ini
2015-06-26 16:45 - 2014-07-25 09:38 - 00000000 ____D C:\ProgramData\McAfee
2015-06-26 15:18 - 2014-05-16 13:08 - 00437500 _____ C:\Windows\system32\prfh0804.dat
2015-06-26 15:18 - 2014-05-16 13:08 - 00135664 _____ C:\Windows\system32\prfc0804.dat
2015-06-26 15:18 - 2014-03-18 03:03 - 01434808 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 15:12 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 15:11 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-26 15:10 - 2014-09-10 20:39 - 00000000 ____D C:\Users\jiank
2015-06-26 14:18 - 2014-07-25 09:16 - 00000000 ___HD C:\Intel
2015-06-26 14:17 - 2014-09-10 21:22 - 00000000 ____D C:\ProgramData\Kingsoft
2015-06-26 14:16 - 2014-09-10 21:43 - 00000000 ____D C:\ProgramData\KSafe
2015-06-24 13:04 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 18:02 - 2015-05-24 18:02 - 00000000 ____D C:\Users\jiank\AppData\Local\SkinSpotlightsReplays
2015-06-23 17:01 - 2015-05-25 13:15 - 00000000 ____D C:\Fraps
2015-06-23 13:26 - 2015-04-16 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 13:26 - 2014-07-25 09:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-22 13:49 - 2015-05-23 19:41 - 00000000 ____D C:\Program Files (x86)\OBS
2015-06-22 13:19 - 2015-05-23 19:41 - 00000000 ____D C:\Program Files\OBS
2015-06-22 13:15 - 2015-05-25 00:09 - 00000000 ____D C:\Windows\SysWOW64\dg597
2015-06-19 20:02 - 2014-09-17 15:44 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2014-09-17 15:44 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 02:10 - 2015-04-16 04:34 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 01059472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-16 23:48 - 2015-04-16 04:37 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-06-16 23:48 - 2015-04-16 04:37 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-16 14:41 - 2014-09-22 20:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-16 14:36 - 2014-09-22 19:55 - 00000000 ____D C:\NVIDIA
2015-06-15 23:43 - 2015-04-16 04:38 - 00000000 ____D C:\Users\jiank\AppData\Local\NVIDIA
2015-06-15 23:43 - 2014-09-10 22:33 - 00000000 ____D C:\Users\jiank\Desktop\Unused
2015-06-15 23:42 - 2014-09-10 20:42 - 00000000 ____D C:\Users\jiank\AppData\Local\NVIDIA Corporation
2015-06-15 23:41 - 2014-07-25 09:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-15 23:26 - 2014-07-25 09:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-13 21:33 - 2015-05-27 18:24 - 00000000 ____D C:\Users\jiank\AppData\Roaming\NVIDIA
2015-06-12 13:30 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-06-11 14:07 - 2015-05-24 17:55 - 00000000 __SHD C:\Users\jiank\AppData\Local\EmieBrowserModeList
2015-06-11 14:07 - 2014-09-10 21:12 - 00000000 __SHD C:\Users\jiank\AppData\Local\EmieUserList
2015-06-11 14:07 - 2014-09-10 21:12 - 00000000 __SHD C:\Users\jiank\AppData\Local\EmieSiteList
2015-06-11 13:10 - 2013-08-22 07:44 - 00479240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 20:27 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-10 20:19 - 2014-07-25 09:19 - 00000000 ____D C:\ProgramData\Atheros
2015-06-09 23:20 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-09 23:20 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 22:45 - 2014-10-17 21:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 22:34 - 2014-10-17 21:25 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 23:25 - 2015-05-23 18:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-08 23:25 - 2015-05-23 18:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-08 22:26 - 2013-08-22 08:36 - 00000000 __RSD C:\Windows\Media
2015-06-06 19:35 - 2014-09-10 20:42 - 00000000 ____D C:\Users\jiank\AppData\Local\Packages
2015-06-02 19:18 - 2014-09-10 21:21 - 00000000 ____D C:\Users\jiank\AppData\Local\liebao
2015-06-02 07:11 - 2015-04-16 04:37 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\MediaViewer
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\FileManager
2015-06-01 23:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Camera
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ___SD C:\Windows\system32\dsc
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\sppui
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sppui
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\setup
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Com
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\IME
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-06-01 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-01 23:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-06-01 23:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-01 23:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-06-01 23:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\oobe
2015-06-01 23:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\Dism
2015-06-01 23:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\servicing
2015-06-01 23:54 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-06-01 23:54 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-06-01 23:54 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-06-01 23:53 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
2015-05-31 20:03 - 2014-09-11 00:21 - 00000000 ____D C:\Users\jiank\AppData\Roaming\LolClient
2015-05-31 19:50 - 2014-09-10 20:42 - 00000000 ____D C:\Users\jiank\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
2014-09-17 18:33 - 2015-06-27 15:31 - 0000030 _____ () C:\Users\jiank\AppData\Roaming\fixcfg.ini
2014-11-26 17:53 - 2014-12-01 11:30 - 0179256 _____ (Tencent) C:\Users\jiank\AppData\Roaming\liburl.dll
2014-11-26 17:53 - 2014-11-26 17:53 - 0178744 _____ (Tencent) C:\Users\jiank\AppData\Roaming\liburl.dll.1
2014-11-26 17:53 - 2014-11-29 23:03 - 0178744 _____ (Tencent) C:\Users\jiank\AppData\Roaming\liburl.dll.3
2014-09-10 20:46 - 2015-06-28 13:35 - 0000092 _____ () C:\Users\jiank\AppData\Roaming\sp_data.sys
2015-06-08 16:59 - 2015-06-08 16:59 - 0007600 _____ () C:\Users\jiank\AppData\Local\Resmon.ResmonCfg
2015-06-16 19:08 - 2015-06-16 19:08 - 1116512 _____ () C:\ProgramData\DetectPCMgrDLLEx.dll
2015-06-16 19:08 - 2015-06-16 19:08 - 0549361 _____ () C:\ProgramData\DetectPCMgrDLLEx.dll.20150616.dat
2014-07-25 09:25 - 2014-07-25 09:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-16 13:02 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-16 13:02 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-16 13:02 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-06-16 19:09 - 2015-06-16 19:09 - 0211296 _____ () C:\ProgramData\UpdateDetectPCMgrDLLEx_0611.exe
2015-06-16 19:08 - 2015-06-16 19:09 - 0092320 _____ () C:\ProgramData\UpdateDetectPCMgrDLLEx_0611.exe.20150616.dat
 
Files to move or delete:
====================
C:\ProgramData\DetectPCMgrDLLEx.dll
C:\ProgramData\DetectPCMgrDLLEx.dll.20150616.dat
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\UpdateDetectPCMgrDLLEx_0611.exe
C:\ProgramData\UpdateDetectPCMgrDLLEx_0611.exe.20150616.dat
 
 
Some files in TEMP:
====================
C:\Users\jiank\AppData\Local\Temp\0232571435362210mcinst.exe
C:\Users\jiank\AppData\Local\Temp\SRLDetectionLibrary7891363246394110611.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-26 18:14
 
==================== End of log ============================

Edited by itzelmo, 28 June 2015 - 04:43 PM.




