
Trojan.Agent and PUP.Optional.WebSearches.A infection


  • This topic is locked

#1 luilok12


Posted 17 July 2015 - 08:16 AM

Hello,

 

I run threat scan with Malwarebytes Anti-Malware Home regularly. Every scan Trojan.Agent and PUP.Optional.WebSearches.A are found and then I remove them. But they appeared again in the scan the next day. What should I do? Please help!

 

Here's the result of the latest scan:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 17/7/2015
Scan Time: 20:06
Logfile: malwaebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.17.03
Rootkit Database: v2015.07.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: earlok
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 481223
Time Elapsed: 40 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, , [993e33af0b7f80b6dc2bf4124ab91ee2], 
Trojan.Agent, HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\thunder, , [7a5d80627b0f0f27f7447e3a788b926e], 
 
Registry Values: 1
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=WDCXWD5000AAKX-083CA0_WD-WCAYUJ11855818558&ts=1422256378&type=default&q={searchTerms}, , [993e33af0b7f80b6dc2bf4124ab91ee2]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



 


#2 TB-Psychotic

  • Malware Response Team

Posted 17 July 2015 - 09:45 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 

#3 luilok12

  • Topic Starter

Posted 17 July 2015 - 11:13 AM

Thanks for the quick reply! At first, I got the message "You do not have permission for that action." when I tried to post the whole text in one post, so I thought that I may have posted too much text and I tried to use more posts. But I then found out that it is due to an error caused by Simplified Chinese. I have already translated Simplified Chinese to Traditional Chinese so that there are no more errors. You may just ignore the posts after the logfiles. Thank you!


Edited by luilok12, 17 July 2015 - 12:12 PM.


#4 luilok12

  • Topic Starter

Posted 17 July 2015 - 11:21 AM

FRST.txt: 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by earlok (administrator) on EARLOK-PC on 17-07-2015 23:53:36
Running from D:\Downloads
Loaded Profiles: earlok (Available Profiles: earlok & CLLY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Chinese (Traditional, Hong Kong S.A.R.)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
( Rsupport Corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() D:\Yahoo!\KeyKey\KeyKeyServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() D:\game\Garena Plus\GarenaMessenger.exe
(Alen Soft) C:\Program Files (x86)\TTPlayer\TTPlayer.exe
() D:\game\Garena Plus\bbtalk\BBTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
() D:\game\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://tw.rd.yahoo.com/referurl/keykey/client/s/ie/*http://tw.search.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://tw.rd.yahoo.com/referurl/keykey/client/s/ie/*http://tw.search.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://tw.rd.yahoo.com/referurl/keykey/client/s/ie/*http://tw.search.yahoo.com
HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.hk
HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001 -> {94c09b57-7f77-4f2a-8c8f-8a74f2de6d0a} URL = http://tw.rd.yahoo.com/referurl/keykey/client/s/ie/*http://tw.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yfp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-06-25] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Microsoft 帳戶登入協助程式 -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001 -> No Name - {10DA0340-2283-4D1C-ADA5-C7518265697E} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{ADF3446F-F67E-4EBE-9377-DF6074BF415B}: [DhcpNameServer] 203.185.0.35 203.185.0.36
 
FireFox:
========
FF ProfilePath: C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-05] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> D:\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2014-08-11] (Baidu.com, Inc.)
FF Plugin-x32: @gamania.com/beanfun -> C:\Program Files (x86)\beanfun!\beanfun! Plugin\npBFWebStart.dll [2012-08-06] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\earlok\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2014-01-24] (Raidcall)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-04-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-04-04] (RealPlayer Cloud)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\game\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-01-08] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2816781532-1561410716-2593902748-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-01-08] ( )
FF user.js: detected! => C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\user.js [2015-07-05]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBFPlugin.dll [2011-09-23] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-04-04] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-04-04] (RealPlayer Cloud)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\creativecommons.xml [2015-02-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findbook-zh-TW.xml [2015-02-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-zh-TW.xml [2015-02-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-answer-zh-TW.xml [2015-02-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-bid-zh-TW.xml [2015-02-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-zh-TW.xml [2015-02-07]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\iobitascsurfingprotection@iobit.com [2015-06-25]
FF Extension: BitComet Video Downloader - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-05-07]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-26]
FF Extension: AdBlock for Facebook - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-06-26]
FF Extension: AdBlock for YouTube™ - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2015-06-26]
FF Extension: Adblock Plus - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-26]
FF Extension: Adblock Edge - C:\Users\earlok\AppData\Roaming\Mozilla\Firefox\Profiles\1ucvtlcn.default-1430243039841\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-06-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-04-04]
StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Google Search) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (AdBlock) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-06]
CHR Extension: (Download Master) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-03-06]
CHR Extension: (Video Deck for YouTube™) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Instagram for Chrome) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-03-06]
CHR Extension: (Gmail) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
CHR Profile: C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (History site blocker) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkgnheiibhnjklgimaldgngjcfblachh [2015-06-05]
CHR Extension: (Adblock Plus) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-26]
CHR Extension: (APK Downloader) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-03-25]
CHR Extension: (Adblock for Youtube) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chcdmmijfmoaolnkhmikojenjkajejkj [2014-11-26]
CHR Extension: (pixist) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cmiejnciickdmfmfmblihbphbcoemcnh [2014-11-06]
CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2015-05-07]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eecoahjklhopckkiefihjloeidikepdh [2014-11-02]
CHR Extension: (BetaFish Adblocker) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-26]
CHR Extension: (AdBlock Plus) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kfcfceejhleedfbabanmaamfiagjhncj [2014-11-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (APK Downloader) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\obhlfmheblhjhkmacldlhdnbgbaiigba [2014-12-08]
CHR Extension: (Adblock Pro) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-11-29]
CHR Extension: (Simple Adblock) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ockogkkjjhgjelcddamlnjcfnmiegjfg [2014-11-26]
CHR Extension: (Unblock Youku) - C:\Users\earlok\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-11-02]
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BITCOMET_HELPER_SERVICE; D:\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
S2 HEU_KMS_Renewal; C:\Windows\srvany.exe [8192 2006-06-28] () [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878880 2015-05-12] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2014-05-06] (Macromedia) [File not signed]
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [3353360 2015-06-24] ( Rsupport Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-04-04] (RealNetworks, Inc.)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [825008 2015-02-13] (Tesline-Service SRL)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2014-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-01-08] (ShenZhen Xunlei Networking Technologies,LTD)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-12-12] (Advanced Micro Devices Inc.)
S3 cpuz137; No ImagePath
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-12] (Disc Soft Ltd)
S3 EagleX64; No ImagePath
R1 express; C:\Windows\System32\Drivers\express.sys [99480 2015-07-09] (北京百度網訊科技有限公司)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 GGSAFERDriver; No ImagePath
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-10-11] (Sony Mobile Communications)
R1 hao123protect; C:\Windows\System32\Drivers\protectsrv2094145.sys [212248 2015-03-18] (北京百度網訊科技有限公司)
S1 HWiNFO32; No ImagePath
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)
R3 IPvE; C:\Windows\System32\DRIVERS\IPvEx64.sys [32240 2011-04-18] (IPVE)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-02-05] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0045.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nMatrix; C:\Windows\System32\DRIVERS\nMatrix.sys [60432 2014-07-14] (DigiStar Studio)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [42920 2014-10-12] (Tesline-Service SRL)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2014-10-12] (Sony Ericsson Mobile Communications)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
S3 cpuz134; \??\C:\Users\earlok\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 23:53 - 2015-07-17 23:53 - 00000000 ____D C:\FRST
2015-07-17 20:47 - 2015-07-17 20:47 - 00001743 _____ C:\Users\earlok\Desktop\malwaebytes.txt
2015-07-17 17:34 - 2015-07-17 17:48 - 00000336 _____ C:\Windows\setupact.log
2015-07-17 17:34 - 2015-07-17 17:38 - 05075592 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 17:34 - 2015-07-17 17:34 - 00006250 _____ C:\Windows\PFRO.log
2015-07-17 17:34 - 2015-07-17 17:34 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 15:50 - 2015-07-16 15:50 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-16 15:50 - 2015-07-16 15:50 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-16 15:50 - 2015-07-16 15:50 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-16 15:35 - 2015-07-17 20:03 - 00003386 _____ C:\Windows\System32\Tasks\gg_uac_daemon_earlok
2015-07-16 01:28 - 2015-07-16 01:30 - 00000000 ____D C:\Users\earlok\Desktop\Past Papers
2015-07-15 17:32 - 2015-07-10 01:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 17:32 - 2015-07-10 01:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 17:32 - 2015-07-10 01:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 17:32 - 2015-07-10 01:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 17:32 - 2015-07-10 01:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 17:32 - 2015-07-10 01:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 17:32 - 2015-07-10 01:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 17:32 - 2015-07-10 01:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 17:32 - 2015-07-10 01:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 17:32 - 2015-07-03 05:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 17:32 - 2015-07-03 05:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 17:32 - 2015-07-03 04:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 17:32 - 2015-07-03 04:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 17:32 - 2015-07-03 04:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 17:32 - 2015-07-03 04:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 17:32 - 2015-07-03 04:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 17:32 - 2015-07-03 04:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 17:32 - 2015-07-03 04:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 17:32 - 2015-07-03 03:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 17:32 - 2015-07-03 03:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 17:32 - 2015-07-03 02:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 17:32 - 2015-06-27 10:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 17:32 - 2015-06-27 10:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 17:32 - 2015-06-27 09:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 17:32 - 2015-06-27 09:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 17:31 - 2015-07-10 01:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 17:31 - 2015-07-10 01:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 17:31 - 2015-07-10 01:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 17:31 - 2015-07-10 01:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 17:31 - 2015-07-10 01:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 17:31 - 2015-07-10 01:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 17:31 - 2015-07-10 01:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 17:31 - 2015-07-10 01:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 17:31 - 2015-07-05 02:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 17:31 - 2015-07-05 01:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 17:31 - 2015-07-04 02:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 17:31 - 2015-07-04 02:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 17:31 - 2015-07-04 02:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 17:31 - 2015-07-04 02:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 17:31 - 2015-07-04 01:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 17:31 - 2015-07-04 01:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 17:31 - 2015-07-04 01:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 17:31 - 2015-07-04 01:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 17:31 - 2015-07-04 00:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 17:31 - 2015-07-04 00:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 17:31 - 2015-07-02 04:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 17:31 - 2015-07-02 04:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 17:31 - 2015-07-02 04:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 17:31 - 2015-07-02 04:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 17:31 - 2015-07-02 04:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 17:31 - 2015-07-02 04:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 17:31 - 2015-07-02 04:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 17:31 - 2015-07-02 04:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 17:31 - 2015-07-02 04:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 17:31 - 2015-07-02 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 17:31 - 2015-07-02 04:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 17:31 - 2015-07-02 04:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 17:31 - 2015-07-02 04:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 17:31 - 2015-07-02 04:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 17:31 - 2015-07-02 04:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 17:31 - 2015-07-02 04:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 17:31 - 2015-07-02 04:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 17:31 - 2015-07-02 04:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 17:31 - 2015-07-02 03:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 17:31 - 2015-07-02 03:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 17:31 - 2015-07-02 03:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 17:31 - 2015-06-18 01:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 17:31 - 2015-06-18 01:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 17:31 - 2015-06-16 05:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 17:31 - 2015-06-16 05:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 17:31 - 2015-06-16 05:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 17:31 - 2015-06-16 05:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 17:31 - 2015-06-16 05:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 17:31 - 2015-06-16 05:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 17:31 - 2015-06-16 05:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 17:31 - 2015-06-16 05:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 17:31 - 2015-06-16 05:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 17:31 - 2015-06-16 05:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 17:31 - 2015-06-16 05:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 17:31 - 2015-06-16 05:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 17:31 - 2015-06-10 02:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 17:31 - 2015-06-10 02:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 17:31 - 2015-06-02 08:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 17:31 - 2015-06-02 07:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 14:45 - 2015-06-26 02:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 14:45 - 2015-06-26 01:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 14:45 - 2015-06-21 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 14:45 - 2015-06-21 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 14:45 - 2015-06-21 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 14:45 - 2015-06-21 03:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 14:45 - 2015-06-21 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 14:45 - 2015-06-21 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 14:45 - 2015-06-21 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 14:45 - 2015-06-21 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 14:45 - 2015-06-21 03:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 14:45 - 2015-06-21 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 14:45 - 2015-06-21 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 14:45 - 2015-06-21 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 14:45 - 2015-06-21 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 14:45 - 2015-06-21 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 14:45 - 2015-06-21 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 14:45 - 2015-06-21 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 14:45 - 2015-06-21 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 14:45 - 2015-06-21 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 14:45 - 2015-06-21 02:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 14:45 - 2015-06-21 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 14:45 - 2015-06-21 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 14:45 - 2015-06-21 02:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 14:45 - 2015-06-21 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 14:45 - 2015-06-20 02:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 14:45 - 2015-06-20 02:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 14:45 - 2015-06-20 02:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 14:45 - 2015-06-20 02:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 14:45 - 2015-06-20 02:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 14:45 - 2015-06-20 02:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 14:45 - 2015-06-20 02:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 14:45 - 2015-06-20 02:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 14:45 - 2015-06-20 02:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 14:45 - 2015-06-20 02:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 14:45 - 2015-06-20 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 14:45 - 2015-06-20 01:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 14:45 - 2015-06-20 01:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 14:45 - 2015-06-20 01:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 14:45 - 2015-06-20 01:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 14:45 - 2015-06-20 01:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 14:45 - 2015-06-20 01:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 14:45 - 2015-06-20 01:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 14:45 - 2015-06-20 01:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 14:45 - 2015-06-12 01:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 14:45 - 2015-06-12 01:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 14:45 - 2015-06-12 01:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 14:45 - 2015-06-12 01:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 14:45 - 2015-06-12 01:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 14:45 - 2015-06-12 01:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 14:45 - 2015-06-11 21:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 14:44 - 2015-06-25 16:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 23:01 - 2015-07-17 23:14 - 00000538 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 23:01 - 2015-07-17 23:06 - 00000542 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 23:01 - 2015-07-14 23:01 - 00003538 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 23:01 - 2015-07-14 23:01 - 00003286 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 23:01 - 2015-07-14 23:01 - 00000001 _____ C:\Windows\SysWOW64\FlashPaper2PrinterPort
2015-07-14 23:01 - 2015-07-14 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-14 23:00 - 2015-07-14 23:01 - 00931408 _____ (Google Inc.) C:\Users\earlok\Downloads\ChromeSetup.exe
2015-07-14 23:00 - 2015-07-14 23:00 - 00000000 ____D C:\Users\earlok\Downloads\GoogleChromePortableDev
2015-07-14 22:59 - 2015-07-14 22:59 - 01411480 _____ (PortableApps.com) C:\Users\earlok\Downloads\GoogleChromePortableDev_45.0.2453.0_online.paf.exe
2015-07-14 22:21 - 2015-07-14 22:43 - 00000156 _____ C:\Windows\Reimage.ini
2015-07-09 22:05 - 2015-07-09 22:08 - 00000000 ____D C:\Users\earlok\Desktop\minecraft_1.8.7_server_2
2015-07-09 19:49 - 2015-07-09 19:50 - 00000000 ____D C:\Users\earlok\AppData\Roaming\ftblauncher
2015-07-09 17:16 - 2015-07-09 17:16 - 00000000 ____D C:\Users\earlok\AppData\Roaming\.atlauncher
2015-07-06 22:55 - 2015-07-17 20:12 - 00004722 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for earlok-PC-earlok earlok-PC
2015-07-05 17:36 - 2015-07-05 17:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 15:44 - 2015-07-15 23:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-05 12:46 - 2015-07-05 12:46 - 17246384 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-05 00:17 - 2015-07-05 16:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-05 00:17 - 2015-07-05 16:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-02 20:53 - 2015-07-03 15:52 - 16048498 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-02 19:15 - 2015-07-02 19:15 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\652E7303.sys
2015-06-26 13:56 - 2015-06-26 13:56 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-26 13:50 - 2015-05-21 21:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-26 12:15 - 2015-07-17 20:23 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2015-06-26 11:44 - 2015-06-26 11:44 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-06-26 11:43 - 2015-06-26 11:47 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-06-26 11:38 - 2015-06-27 15:47 - 00000000 ____D C:\ProgramData\{2099a40f-27b5-509f-2099-9a40f27b903c}
2015-06-26 11:02 - 2015-06-26 11:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-06-25 00:17 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\SysWOW64\IObitSmartDefragExtension.dll
2015-06-25 00:13 - 2015-06-25 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-06-24 23:45 - 2015-06-25 10:19 - 00000000 ____D C:\Program Files (x86)\AppendModule
2015-06-24 23:44 - 2015-06-25 01:29 - 00000000 ____D C:\Program Files (x86)\CutThePrrice
2015-06-24 23:44 - 2015-06-25 01:29 - 00000000 ____D C:\Program Files (x86)\Clear Cache
2015-06-23 23:09 - 2015-04-15 21:38 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-06-23 23:09 - 2015-04-15 21:38 - 00207272 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-06-23 23:09 - 2015-04-15 21:37 - 00206760 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-06-23 22:56 - 2015-06-28 21:47 - 00000000 ____D C:\Users\earlok\Desktop\minecraft_1.8.7_server
2015-06-21 15:36 - 2015-06-21 15:36 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-21 15:32 - 2015-06-21 15:32 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 23:48 - 2014-01-07 22:36 - 00000000 ____D C:\Users\earlok\AppData\Roaming\Skype
2015-07-17 21:06 - 2014-05-06 22:28 - 00000000 ____D C:\Users\earlok\AppData\Roaming\Notepad++
2015-07-17 20:06 - 2015-05-22 00:36 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-17 20:05 - 2009-07-14 12:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:05 - 2009-07-14 12:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:00 - 2015-06-11 02:06 - 01684286 _____ C:\Windows\WindowsUpdate.log
2015-07-17 20:00 - 2014-08-27 23:34 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (earlok)
2015-07-17 19:58 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 19:57 - 2009-07-14 13:08 - 00032664 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-17 19:48 - 2014-01-07 22:45 - 00000000 ____D C:\Users\earlok\AppData\Roaming\GarenaPlus
2015-07-17 19:48 - 2014-01-07 22:45 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-16 16:31 - 2015-03-31 22:36 - 00002908 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_earlok
2015-07-16 15:55 - 2014-08-27 20:10 - 00000000 ____D C:\temp
2015-07-16 15:55 - 2014-01-07 22:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-16 15:52 - 2015-01-26 16:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-16 15:52 - 2014-01-07 22:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-16 15:50 - 2015-06-07 21:21 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-16 15:50 - 2015-06-07 21:21 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-16 15:50 - 2015-06-07 21:21 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-16 15:50 - 2015-06-07 21:21 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-16 15:50 - 2015-04-17 00:20 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-16 15:50 - 2015-04-09 15:56 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-16 15:50 - 2014-08-27 23:44 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-16 15:06 - 2015-06-15 18:12 - 00000000 ____D C:\Windows\rescache
2015-07-16 01:44 - 2015-04-09 04:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\uk-UA
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\th-TH
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sl-SI
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sk-SK
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\lv-LV
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\lt-LT
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\hr-HR
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\he-IL
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\et-EE
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\bg-BG
2015-07-16 01:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\ar-SA
2015-07-15 23:32 - 2014-12-24 12:48 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 23:23 - 2015-06-07 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheDeath HEAT Project
2015-07-15 23:01 - 2014-01-07 22:50 - 00000000 ____D C:\Users\earlok\AppData\Roaming\Adobe
2015-07-15 19:02 - 2015-01-26 15:08 - 00000000 ____D C:\Users\earlok\Desktop\Temporary Folder
2015-07-15 17:57 - 2014-06-28 20:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-15 17:57 - 2014-01-08 00:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 17:44 - 2009-07-14 10:34 - 00000608 _____ C:\Windows\win.ini
2015-07-15 14:57 - 2014-10-21 21:55 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 13:28 - 2014-08-29 11:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-15 13:28 - 2014-01-07 22:35 - 00000000 ____D C:\ProgramData\Skype
2015-07-14 23:33 - 2014-08-28 17:47 - 00000000 ____D C:\Users\earlok\Desktop\Shortcuts
2015-07-14 23:02 - 2014-05-06 19:48 - 00000000 ____D C:\Program Files (x86)\Macromedia
2015-07-14 23:01 - 2014-05-06 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-07-14 23:01 - 2014-01-07 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-14 11:59 - 2014-08-24 10:30 - 178810880 _____ C:\Windows\system32\config\software.iodefrag.bak
2015-07-14 11:59 - 2014-08-24 10:29 - 01351680 _____ C:\Windows\system32\config\default.iodefrag.bak
2015-07-14 11:59 - 2014-08-24 10:29 - 00094208 _____ C:\Windows\system32\config\sam.iodefrag.bak
2015-07-14 11:59 - 2014-08-24 10:29 - 00028672 _____ C:\Windows\system32\config\security.iodefrag.bak
2015-07-13 18:59 - 2014-08-03 16:19 - 00000000 ____D C:\ProgramData\ProductData
2015-07-11 14:48 - 2014-08-06 17:29 - 00000000 ____D C:\Users\earlok\AppData\Roaming\.minecraft
2015-07-10 20:37 - 2015-03-29 01:50 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-10 20:37 - 2015-03-29 01:50 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-09 19:33 - 2014-05-06 19:26 - 00000000 ____D C:\Users\earlok\AppData\Roaming\.technic
2015-07-09 15:41 - 2014-11-06 21:42 - 00099480 _____ (北京百度網訊科技有限公司) C:\Windows\system32\Drivers\express.sys
2015-07-09 15:35 - 2014-10-29 19:30 - 288628736 _____ C:\Windows\system32\config\components.iodefrag.bak
2015-07-09 02:54 - 2015-04-09 04:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-06 19:10 - 2014-01-08 00:21 - 00000526 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 18:11 - 2014-01-08 00:21 - 00003466 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 18:08 - 2010-11-21 11:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-05 17:36 - 2015-03-22 13:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 17:00 - 2015-06-11 02:15 - 00000286 _____ C:\Windows\Tasks\DLL-Files FixerASKUSER.job
2015-07-05 17:00 - 2015-06-09 23:48 - 00000294 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2015-07-05 17:00 - 2015-06-09 23:48 - 00000278 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2015-07-05 16:19 - 2015-06-09 23:48 - 00003040 _____ C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates
2015-07-05 16:18 - 2014-08-03 16:18 - 00000000 ____D C:\Users\earlok\AppData\Roaming\IObit
2015-07-05 16:17 - 2014-08-03 16:18 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-05 16:10 - 2015-06-09 23:48 - 00003026 _____ C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
2015-07-05 15:44 - 2014-01-08 17:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-05 00:43 - 2014-03-29 20:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-03 15:52 - 2015-04-26 14:22 - 00708800 _____ C:\Windows\system32\prfh0416.dat
2015-07-03 15:52 - 2015-04-26 14:22 - 00148528 _____ C:\Windows\system32\prfc0416.dat
2015-07-03 15:52 - 2014-11-14 19:41 - 00735250 _____ C:\Windows\system32\perfh015.dat
2015-07-03 15:52 - 2014-11-14 19:41 - 00723886 _____ C:\Windows\system32\prfh0816.dat
2015-07-03 15:52 - 2014-11-14 19:41 - 00156744 _____ C:\Windows\system32\perfc015.dat
2015-07-03 15:52 - 2014-11-14 19:41 - 00153778 _____ C:\Windows\system32\prfc0816.dat
2015-07-03 15:52 - 2014-11-06 23:58 - 00651550 _____ C:\Windows\system32\perfh01F.dat
2015-07-03 15:52 - 2014-11-06 23:58 - 00140872 _____ C:\Windows\system32\perfc01F.dat
2015-07-03 15:52 - 2014-11-06 23:08 - 00376038 _____ C:\Windows\system32\prfh0804.dat
2015-07-03 15:52 - 2014-11-06 23:08 - 00120464 _____ C:\Windows\system32\prfc0804.dat
2015-07-03 15:52 - 2014-10-26 13:54 - 00719468 _____ C:\Windows\system32\perfh019.dat
2015-07-03 15:52 - 2014-10-26 13:54 - 00151714 _____ C:\Windows\system32\perfc019.dat
2015-07-03 15:52 - 2014-10-26 13:33 - 00489382 _____ C:\Windows\system32\perfh014.dat
2015-07-03 15:52 - 2014-10-26 13:33 - 00096276 _____ C:\Windows\system32\perfc014.dat
2015-07-03 15:52 - 2014-10-26 13:06 - 00601856 _____ C:\Windows\system32\perfh008.dat
2015-07-03 15:52 - 2014-10-26 13:06 - 00112034 _____ C:\Windows\system32\perfc008.dat
2015-07-03 15:52 - 2014-10-26 12:48 - 00658588 _____ C:\Windows\system32\perfh01D.dat
2015-07-03 15:52 - 2014-10-26 12:48 - 00143346 _____ C:\Windows\system32\perfc01D.dat
2015-07-03 15:52 - 2014-10-24 22:52 - 00423294 _____ C:\Windows\system32\perfh012.dat
2015-07-03 15:52 - 2014-10-24 22:52 - 00121256 _____ C:\Windows\system32\perfc012.dat
2015-07-03 15:52 - 2014-10-23 22:50 - 00663710 _____ C:\Windows\system32\perfh005.dat
2015-07-03 15:52 - 2014-10-23 22:50 - 00142298 _____ C:\Windows\system32\perfc005.dat
2015-07-03 15:52 - 2014-10-23 22:32 - 00738366 _____ C:\Windows\system32\perfh013.dat
2015-07-03 15:52 - 2014-10-23 22:32 - 00153974 _____ C:\Windows\system32\perfc013.dat
2015-07-03 15:52 - 2014-10-23 22:26 - 00476370 _____ C:\Windows\system32\perfh00B.dat
2015-07-03 15:52 - 2014-10-23 22:26 - 00102392 _____ C:\Windows\system32\perfc00B.dat
2015-07-03 15:52 - 2014-10-23 22:21 - 00678618 _____ C:\Windows\system32\perfh00E.dat
2015-07-03 15:52 - 2014-10-23 22:21 - 00172146 _____ C:\Windows\system32\perfc00E.dat
2015-07-03 15:52 - 2014-10-23 22:10 - 00740324 _____ C:\Windows\system32\perfh00A.dat
2015-07-03 15:52 - 2014-10-23 22:10 - 00159340 _____ C:\Windows\system32\perfc00A.dat
2015-07-03 15:52 - 2014-10-23 21:52 - 00387216 _____ C:\Windows\system32\perfh00D.dat
2015-07-03 15:52 - 2014-10-23 21:52 - 00085630 _____ C:\Windows\system32\perfc00D.dat
2015-07-03 15:52 - 2014-10-23 21:13 - 00734914 _____ C:\Windows\system32\perfh010.dat
2015-07-03 15:52 - 2014-10-23 21:13 - 00147718 _____ C:\Windows\system32\perfc010.dat
2015-07-03 15:52 - 2014-10-23 21:03 - 00740584 _____ C:\Windows\system32\perfh00C.dat
2015-07-03 15:52 - 2014-10-23 21:03 - 00473882 _____ C:\Windows\system32\perfh001.dat
2015-07-03 15:52 - 2014-10-23 21:03 - 00150452 _____ C:\Windows\system32\perfc00C.dat
2015-07-03 15:52 - 2014-10-23 21:03 - 00095644 _____ C:\Windows\system32\perfc001.dat
2015-07-03 15:52 - 2014-10-23 20:42 - 00692076 _____ C:\Windows\system32\perfh007.dat
2015-07-03 15:52 - 2014-10-23 20:42 - 00149988 _____ C:\Windows\system32\perfc007.dat
2015-07-03 15:52 - 2011-04-12 23:19 - 00400142 _____ C:\Windows\system32\prfh0404.dat
2015-07-03 15:52 - 2011-04-12 23:19 - 00120022 _____ C:\Windows\system32\prfc0404.dat
2015-07-03 15:51 - 2009-07-14 13:13 - 16048498 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-03 08:43 - 2014-10-21 21:55 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-27 15:47 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Cursors
2015-06-27 14:39 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\security
2015-06-26 12:01 - 2015-05-22 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-26 11:15 - 2015-06-11 01:49 - 00000000 ____D C:\Program Files\CCleaner
2015-06-26 10:52 - 2015-03-29 02:03 - 00000000 ____D C:\AdwCleaner
2015-06-26 10:52 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-25 10:19 - 2014-11-06 23:26 - 00000000 ____D C:\Windows\bg-BG
2015-06-25 01:29 - 2014-08-03 16:18 - 00000000 ____D C:\ProgramData\IObit
2015-06-25 00:20 - 2015-04-16 23:47 - 00003188 _____ C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-06-25 00:19 - 2015-04-16 23:47 - 00002876 _____ C:\Windows\System32\Tasks\ASC8_SkipUac_earlok
2015-06-25 00:19 - 2014-11-21 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-06-25 00:17 - 2015-03-31 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-06-24 23:44 - 2015-04-26 22:25 - 00000000 ____D C:\ProgramData\14917275697637377622
2015-06-18 08:41 - 2015-05-22 00:35 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-05-22 00:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-05-22 00:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 14:48 - 2010-10-19 02:25 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 14:48 - 2010-10-19 02:25 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 14:48 - 2010-10-19 02:25 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 14:48 - 2010-10-19 02:25 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 14:48 - 2010-10-19 02:25 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 14:48 - 2010-10-19 02:25 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-17 14:32 - 2015-06-09 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-06-17 14:32 - 2015-06-09 23:47 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
 
==================== Files in the root of some directories =======
 
2014-01-09 12:13 - 2015-02-14 23:23 - 0000954 _____ () C:\Users\earlok\AppData\Roaming\CoreAVC.ini
2015-06-09 20:43 - 2015-06-09 23:18 - 0000053 _____ () C:\Users\earlok\AppData\Roaming\LogFile.txt
2014-02-15 13:08 - 2014-02-15 13:08 - 0045270 _____ () C:\Users\earlok\AppData\Roaming\room_v3.dat
2014-01-27 01:48 - 2014-01-27 01:48 - 0007631 _____ () C:\Users\earlok\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 19:27
 
==================== End of log ============================
 

Edited by luilok12, 17 July 2015 - 12:13 PM.


#5 luilok12

Posted 17 July 2015 - 11:23 AM

Addition.txt: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by earlok at 2015-07-17 23:54:40
Running from D:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2816781532-1561410716-2593902748-500 - Administrator - Disabled)
CLLY (S-1-5-21-2816781532-1561410716-2593902748-1005 - Administrator - Enabled) => C:\Users\CLLY
earlok (S-1-5-21-2816781532-1561410716-2593902748-1001 - Administrator - Enabled) => C:\Users\earlok
Guest (S-1-5-21-2816781532-1561410716-2593902748-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2816781532-1561410716-2593902748-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«The Sims 3 Deluxe Edition» (build 10.01) (HKLM-x32\...\«The Sims 3 Deluxe Edition»_is1) (Version:  - R.G. Catalyst)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple 應用程式支援 (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
beanfun! (HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\...\beanfun!) (Version: 2.0.93.169 - Gamania Inc.)
Benzul Activator version 1.5.0 (HKLM-x32\...\{F9F55B5E-8E71-4B87-940B-98FF802395DB}_is1) (Version: 1.5.0 - )
BitComet 1.38 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.38 - CometNetwork)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cool Edit Pro 2.0 (HKLM-x32\...\Cool Edit Pro 2.0) (Version:  - )
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Counter-Strike 1.6 1.6 3266 (HKLM-x32\...\Counter-Strike 1.6) (Version: 1.6 3266 - TheDeath Gaming)
Counter-Strike Global Offensive Junkies 1.31.1.0 (HKLM-x32\...\{4982DBA9-44E1-4AEB-95BA-EE073DF71ED3}_is1) (Version:  - planetcss.com, Inc.)
Counter-Strike Online 客戶端 (HKLM-x32\...\Counter-Strike Online) (Version: 客戶端 - GAMANIA)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source Beta 4646 10.08.2011 (HKLM-x32\...\Counter-Strike: Source Beta 4646 10.08.2011_is1) (Version: Counter-Strike: Source Beta 4646 10.08.2011 - www.SourceTM.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Faasoft Video Converter 5.2.2.5498 (HKLM-x32\...\{C6FE6897-0A65-4474-8EF7-E7AF11F8F239}_is1) (Version:  - Faasoft Corporation)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.6 - Sharpened Productions)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.2 - Sharpened Productions)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5228 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HKG CS1.6 By C0RE 版本 1.1 (HKLM-x32\...\{52F174B7-F2EC-44FE-A4F6-D780A325F3FA}_is1) (Version: 1.1 - C0RE@HKG)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Mega Codec Pack 11.0.9 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.9 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.136 - PandoraTV)
LINE (HKLM-x32\...\LINE) (Version: 4.0.1.313 - LINE Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Fireworks 8 (HKLM-x32\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia FlashPaper 2 (HKLM-x32\...\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}) (Version: 2.0.0.2283 - Macromedia Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{f407f141-a702-406f-beab-318b6291e9bd}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{8e24fb65-31aa-446d-9c3e-35c5e11cb367}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobizen (HKLM-x32\...\{BA0D3A44-BCEE-4C8B-BCD4-F7F1E64F41E3}) (Version: 2.9.1.1 - RSUPPORT)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 zh-TW) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 zh-TW)) (Version: 37.0.1 - Mozilla)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Update 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.4.5.28 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Kakao Corp.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RC語音 (HKLM-x32\...\RC語音) (Version: 8.1.0-1.0.12580.562 - raidcall.com.tw)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rohos Mini Drive 2.1 (HKLM-x32\...\Rohos_Rohos22_is1) (Version:  - Tesline-Service srl)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.1 - IObit)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.5.139.1020 - Electronic Arts Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUSR_{0C53C5F8-7856-41E1-8720-37DBBD430C57}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUSR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yahoo! 奇摩輸入法 1.1 正式版 (build 2535 x64) (HKLM\...\{F71032AF-9EA3-E153-8B32-7D3B0645AB06}) (Version: 1.1.2535 - Yahoo! Inc.)
千千靜聽 5.0.2 (HKLM-x32\...\TTPlayer) (Version: 5.0.2 - Alen Soft)
百度雲管家 (HKLM-x32\...\百度雲管家) (Version: 4.8.2 - 百度在線網絡技術(北京)有限公司)
迅雷7 (HKLM-x32\...\thunder_is1) (Version:  - 深圳市迅雷網絡技術有限公司)
象棋巫師 5.4 (HKLM-x32\...\象棋巫師_is1) (Version:  - www.xqbase.com)
影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2816781532-1561410716-2593902748-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
 
==================== Restore Points =========================
 
17-07-2015 20:32:47 DLL-Files Fixer 週五, 七月 17, 15  20:32
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-06-26 11:45 - 00001197 ____N C:\Windows\system32\Drivers\etc\hosts
178.217.187.203     master.serwery.wiaderko.com
127.0.0.1 www.iobit.com 
127.0.0.1 www.asc55.iobit.com 
127.0.0.1                   systweak.com
127.0.0.1                   updateservice1.systweak.com
127.0.0.1                   www.systweak.com
127.0.0.1                   systemspeedup.systweak.com
127.0.0.1                   systweak.com/STCheckGenuineness
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00948B58-CDBA-4787-8DFA-F7AAC706F492} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {05232252-C7C2-4688-9F64-C55407F6ED1B} - System32\Tasks\{BA6374EB-D049-480E-B9D4-D888E014B05E} => pcalua.exe -a "C:\Windows\Downloaded Installations\Macromedia Fireworks 8\FW_Client_Installer.exe" -d "C:\Windows\Downloaded Installations\Macromedia Fireworks 8"
Task: {07ADC789-8579-43C3-8CB5-EC8B67B795CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13C8AFA4-F016-4E92-9251-372B6E743801} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {147CE591-2839-4767-A7AC-0993A38C1D9B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-13] (Adobe Systems Incorporated)
Task: {1E04E2C2-50CA-4C33-A6A4-808C5776E247} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2816781532-1561410716-2593902748-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {1E4063E6-B222-475C-9054-FBB03BE5BE44} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {240B98ED-B6F3-421F-BF00-FF4841C83E4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {25C0A90E-986A-4090-A2F1-419C929F95DD} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {30747131-A9CC-4BE2-8C51-8EE0C0D5A819} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3794AA0E-66B1-4E8B-9F0C-81CD4B65E727} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-06-10] (IObit)
Task: {4002BD8B-8BAA-4D56-BE81-616805054B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {427EC5F1-5CA0-4DC4-8496-021AA00B81D6} - System32\Tasks\Driver Booster SkipUAC (earlok) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-04-07] (IObit)
Task: {440BE4E1-C1C0-4A63-A86B-BD60140AA46E} - System32\Tasks\gg_uac_daemon_earlok => D:\game\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {47B55109-8104-4A72-B6E5-6CAB80BE1C89} - System32\Tasks\ASC8_SkipUac_earlok => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
Task: {4E17C71E-111F-419E-B07E-FAC9589EB764} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2816781532-1561410716-2593902748-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {5010AF9D-ED77-4FDA-A036-BC06E4CE3D83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {53807443-BB6A-464D-A8BC-E90D379265AC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6672A908-4670-4F46-9646-7FF59DD32CE4} - System32\Tasks\gg_uac_daemon_CLLY => D:\game\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {718C7126-D75A-49E3-A250-185BE5662895} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {7A5F8C30-0EDB-422A-B9F5-DD04B7C427EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-02] (Piriform Ltd)
Task: {8163B174-8C6E-4EAF-96F6-A8E052772243} - System32\Tasks\Microsoft Office 15 Sync Maintenance for earlok-PC-earlok earlok-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {8B7F7ECA-C527-439F-9383-415E1C5E5CB8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2816781532-1561410716-2593902748-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {9315E417-A6E9-4C46-A4D2-81B98E1AF683} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-05] (Adobe Systems Incorporated)
Task: {98E31EB1-8B3D-40E0-8E35-0ECAA033CFC6} - System32\Tasks\{B79B1E46-1684-4B2D-B1D1-D4CAE56C402C} => pcalua.exe -a "C:\Program Files (x86)\IObit\Advanced SystemCare 8\SecurityHole_Backup\KB2467173.exe" -d C:\Windows\system32 -c /quiet /norestart
Task: {A161729D-1CBC-403C-B3C6-D56B24461493} - System32\Tasks\gg_uac_daemon_LUI => D:\game\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {A2A56E52-4538-4775-BB39-2AFF49ACDC19} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {A9AA05D8-66E1-4392-9061-969840AD589C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-03-30] (IObit)
Task: {B342CCD3-6CD6-4016-B288-E32321F5FB88} - System32\Tasks\{FF27E984-561F-4F31-8883-79393ED1E5DE} => pcalua.exe -a D:\Downloads\winhex\setup.exe -d D:\Downloads\winhex
Task: {C3DFC20A-EF37-4F63-8AA2-99DABF740CA8} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
Task: {C3EAB901-DAF3-40D8-A5C6-7C34B8A7B5CD} - System32\Tasks\HEU_KMS_Service_MONTHLY => C:\Windows\kmsonboot\HEU_KMS_Renewal.exe
Task: {C478F314-485D-43A6-979F-DAC2178BFB4F} - System32\Tasks\{7CD740CD-771F-449A-ABDF-DB2273591A2D} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {DED00F6A-BB65-4F05-9221-B22D81FACA66} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {E600F7BC-A7BD-41E5-A1F0-5CD0A10B0A1A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-25] ()
Task: {EE135BB1-A77C-4FEF-9209-84930803173F} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-04-07] (IObit)
Task: {F4E5493D-E9A5-472E-9D92-90D8CBDB3B68} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-05-26] (IObit)
Task: {F4E88FE8-A37D-4585-826E-D06E1F52A51F} - System32\Tasks\Uninstaller_SkipUac_earlok => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DLL-Files FixerASKUSER.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-08 01:59 - 2015-06-17 14:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-23 18:20 - 2014-11-07 09:06 - 01016104 _____ () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
2011-09-29 12:20 - 2011-09-29 12:20 - 02539520 _____ () D:\Yahoo!\KeyKey\KeyKeyServer.exe
2015-06-02 01:28 - 2015-06-02 01:28 - 00026624 _____ () C:\Program Files\CCleaner\lang\lang-1028.dll
2014-01-07 22:45 - 2015-07-01 20:42 - 09984960 _____ () D:\game\Garena Plus\GarenaMessenger.exe
2014-01-07 22:45 - 2015-07-07 19:40 - 06793664 _____ () D:\game\Garena Plus\bbtalk\BBtalk.exe
2014-01-07 22:45 - 2015-01-20 20:20 - 00055896 _____ () D:\game\Garena Plus\ggdllhost.exe
2014-11-21 21:59 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-04-09 15:33 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2014-01-08 14:53 - 2014-01-08 14:52 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2014-01-08 14:53 - 2014-01-08 14:52 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2015-06-07 21:26 - 2015-05-28 15:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-10-22 20:37 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-10-22 20:37 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-11-21 21:59 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-11-21 21:59 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-11-21 21:59 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-01-07 22:45 - 2015-01-20 20:20 - 00111192 _____ () D:\game\Garena Plus\CommonLib.dll
2014-01-07 22:45 - 2015-07-14 18:26 - 00788416 _____ () D:\game\Garena Plus\ggspawn.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00040024 _____ () D:\game\Garena Plus\DibModule.dll
2014-01-07 22:45 - 2015-07-14 18:26 - 00034752 _____ () D:\game\Garena Plus\VersionModule.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00057944 _____ () D:\game\Garena Plus\FileLoader.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00093784 _____ () D:\game\Garena Plus\PluginKernel.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00493656 _____ () D:\game\Garena Plus\CxImage.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00031832 _____ () D:\game\Garena Plus\PluginModule.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00177240 _____ () D:\game\Garena Plus\lib\fs\YYFileSystem.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00380504 _____ () D:\game\Garena Plus\lib\Http.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00191064 _____ () D:\game\Garena Plus\lib\MP3Module.dll
2014-01-07 22:45 - 2012-02-22 16:52 - 00162304 _____ () D:\game\Garena Plus\lame_enc.DLL
2014-01-07 22:45 - 2015-01-20 20:20 - 00226392 _____ () D:\game\Garena Plus\lib\TaskManagerLib.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00112728 _____ () D:\game\Garena Plus\lib\UILayout.dll
2014-01-07 22:45 - 2015-05-27 12:47 - 00965056 _____ () D:\game\Garena Plus\lib\XLL.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00061528 _____ () D:\game\Garena Plus\lib\XmlUIModule.dll
2014-01-07 22:45 - 2012-02-22 16:52 - 00573100 _____ () D:\game\Garena Plus\sqlite3.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00231000 _____ () D:\game\Garena Plus\Plugins\StatsPlugin.dll
2014-01-07 22:45 - 2015-07-14 18:26 - 01263552 _____ () D:\game\Garena Plus\Plugins\ggplugin.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00199256 _____ () D:\game\Garena Plus\ImageModule.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00161880 _____ () D:\game\Garena Plus\libmpg123.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 02947672 _____ () D:\game\Garena Plus\ggdownloader.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00072280 _____ () D:\game\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00023128 _____ () D:\game\Garena Plus\lib\delay_load\ClientTcp.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 01551960 _____ () D:\game\Garena Plus\lib\delay_load\FileSender.dll
2014-01-07 22:45 - 2013-02-01 13:42 - 00153088 _____ () D:\game\Garena Plus\libzmq.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00962648 _____ () D:\game\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00251480 _____ () D:\game\Garena Plus\lib\delay_load\MediaEngine.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00032856 _____ () D:\game\Garena Plus\ServerMemAlloc.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00523352 _____ () D:\game\Garena Plus\lib\delay_load\RSALib.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00074840 _____ () D:\game\Garena Plus\lib\delay_load\UdtLib.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00153688 _____ () D:\game\Garena Plus\xIM.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00596568 _____ () D:\game\Garena Plus\xim\plugin_msn.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00467032 _____ () D:\game\Garena Plus\xim\plugin_xmpp.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00201304 _____ () D:\game\Garena Plus\xim\plugin_yahoo.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00107608 _____ () D:\game\Garena Plus\Plugins\PlatformPlugin.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00243288 _____ () D:\game\Garena Plus\Plugins\PluginNews.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00404056 _____ () D:\game\Garena Plus\Plugins\GarenaTalkPlugin.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00293464 _____ () D:\game\Garena Plus\Plugins\DailyTaskPlugin.dll
2014-01-07 22:45 - 2015-01-20 20:20 - 00222808 _____ () D:\game\Garena Plus\Plugins\GameSalePlugin.dll
2013-03-28 20:20 - 2013-03-28 20:20 - 00208008 _____ () C:\Program Files (x86)\TTPlayer\ttpcomm.dll
2013-03-28 20:21 - 2013-03-28 20:21 - 00042632 _____ () C:\Program Files (x86)\TTPlayer\AddIn\ttp_lrcsh.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00110680 _____ () D:\game\Garena Plus\bbtalk\CommonLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00069720 _____ () D:\game\Garena Plus\bbtalk\PluginKernel.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00039512 _____ () D:\game\Garena Plus\bbtalk\DibModule.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00388696 _____ () D:\game\Garena Plus\bbtalk\ImageModule.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00823896 _____ () D:\game\Garena Plus\bbtalk\gagmhook.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00047704 _____ () D:\game\Garena Plus\bbtalk\lollauncher.dll
2014-01-07 22:45 - 2015-07-07 19:41 - 00029632 _____ () D:\game\Garena Plus\bbtalk\VersionModule.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00454600 _____ () D:\game\Garena Plus\bbtalk\sqlite3.dll
2014-01-07 22:45 - 2015-02-11 15:55 - 02457024 _____ () D:\game\Garena Plus\bbtalk\Overlay.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00115288 _____ () D:\game\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00036440 _____ () D:\game\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00431192 _____ () D:\game\Garena Plus\bbtalk\lib\exchndl.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00083544 _____ () D:\game\Garena Plus\bbtalk\lib\FileManager.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00059480 _____ () D:\game\Garena Plus\bbtalk\FileSystem.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00380504 _____ () D:\game\Garena Plus\bbtalk\lib\Http.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00053336 _____ () D:\game\Garena Plus\bbtalk\lib\InputHookLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00073304 _____ () D:\game\Garena Plus\bbtalk\InputHook.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00048216 _____ () D:\game\Garena Plus\bbtalk\lib\IPCLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00062040 _____ () D:\game\Garena Plus\bbtalk\lib\LangLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00096344 _____ () D:\game\Garena Plus\bbtalk\audiohost.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00141400 _____ () D:\game\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00036952 _____ () D:\game\Garena Plus\bbtalk\lib\MP3Saver.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00244824 _____ () D:\game\Garena Plus\bbtalk\libmp3lame.DLL
2014-01-07 22:45 - 2015-01-16 12:27 - 01054296 _____ () D:\game\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00062552 _____ () D:\game\Garena Plus\bbtalk\lib\ResLib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00105560 _____ () D:\game\Garena Plus\bbtalk\PngModule.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00134232 _____ () D:\game\Garena Plus\bbtalk\lib\TcpClient.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00143960 _____ () D:\game\Garena Plus\bbtalk\lib\UdpClient.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00117336 _____ () D:\game\Garena Plus\bbtalk\lib\UILayout.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00872536 _____ () D:\game\Garena Plus\bbtalk\lib\UILib.dll
2014-01-07 22:45 - 2015-01-16 12:27 - 00062040 _____ () D:\game\Garena Plus\bbtalk\lib\XmlUIModule.dll
2011-09-29 12:17 - 2011-09-29 12:17 - 00145408 _____ () C:\Windows\system32\KEYKEY.IME
2015-07-14 23:01 - 2015-07-14 05:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 23:01 - 2015-07-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-03-31 22:35 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2015-07-14 23:01 - 2015-07-14 05:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\Drivers\fbwnzmjx.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\luoknjsb.sys:changelist
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
There are 4790 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2816781532-1561410716-2593902748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\earlok\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.185.0.35 - 203.185.0.36
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A0775A18-2E57-446D-B865-CB0F3A27278A}] => (Allow) D:\game\Garena Plus\ggdllhost.exe
FirewallRules: [{EF7F0F7D-10BE-4F11-B24D-B3420D81D4B3}] => (Allow) D:\game\Garena Plus\Room\garena_room.exe
FirewallRules: [{7760BD5F-9C28-4A64-97C3-A59A45D56871}] => (Allow) LPort=8370
FirewallRules: [{E9C742AA-45D9-4976-AB08-9AD33879137F}] => (Allow) LPort=8370
FirewallRules: [{22886F60-CBBD-46C7-B877-B5CDB764E8FA}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{8606D998-9389-47C8-8641-59329BE45AAD}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{5FA956E5-744E-46DD-B076-DADBEB346ECA}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{298D99D9-34DA-4785-A6A4-4841DB5A4BE3}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{016AB1E7-3690-420A-AE25-5CD9BA6E40D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6F6C115F-99B9-4143-97D5-B1683EF9A9F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{52B6AB2E-4405-4407-B317-E5089D00F245}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{08641C97-D2A6-4CC4-9CC5-C31601085FED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0EEA62DD-34FF-404E-8416-24ECD994E53C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CBCA4526-FE34-4006-B42B-2E3A2A7C95DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3E950D26-6CDC-4808-863B-4CFB0B984500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CE35467A-1ED7-4C93-8311-D42B9513D48C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9B3364CF-BF2F-4129-8D5C-0346364B2B88}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{2D0D90EA-B788-4041-9B87-A44DD9DFBBA6}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\speed_viewer_i.exe
FirewallRules: [{5CC4020F-0CC6-4AC9-A789-D3AD36DE41EE}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\lsp_check.exe
FirewallRules: [{21F7CD04-A510-4E4B-A4ED-FF54B43B8FDD}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{26E6C6E8-1B71-43FB-9FB7-9498E909677A}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\lsp_check.exe
FirewallRules: [{E6046D00-BB0E-47FF-B1F8-052C6C17E315}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\speed_viewer_i.exe
FirewallRules: [{1371DE75-2413-431E-BA62-EDB8ED1323A1}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{E3BAAA14-C82A-41B2-BA81-CDCFC8E8290D}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{4E0AE42A-F3BD-46AB-88B0-7E58FC473942}] => (Allow) LPort=33673
FirewallRules: [{25BC295F-725A-4B0D-A2F3-565E7154C318}] => (Allow) LPort=33674
FirewallRules: [{12D74135-4238-4E82-B2F8-63AB867FE5E3}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TMP\Ver1\1.1.2.24_0\ThunderMPServer.exe
FirewallRules: [{53E9EB2E-C22B-4275-AA9C-335B2C5468BF}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TMP\Ver1\1.1.2.24_0\ThunderMPServer.exe
FirewallRules: [{86C6EEA7-DD37-4EAF-A53D-FBF91AD48743}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TMP\Ver1\1.1.2.24_0\XLBugReport.exe
FirewallRules: [{5C45C235-7879-48AE-89B7-5900172CDBFA}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TMP\Ver1\1.1.2.24_0\XLBugReport.exe
FirewallRules: [{AB680E98-C0B6-4B87-8C25-083C8B4BD0AA}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\lsp_check.exe
FirewallRules: [{E83B3185-F929-4B19-BA65-2E013A66C23A}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\lsp_check.exe
FirewallRules: [{04734085-33BC-47EB-A01A-8ADCA46A23CB}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\net_monitor_i.exe
FirewallRules: [{3C355152-A521-4B79-A814-C254558C175B}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\net_monitor_i.exe
FirewallRules: [{56ABB2A9-E0B8-4E3D-AF23-32BFF14DFC48}] => (Allow) LPort=8370
FirewallRules: [{D6479B7F-E831-4444-8187-A246FB9E869C}] => (Allow) LPort=8370
FirewallRules: [{1317C323-7C89-4F30-ACDD-859FDEE4A2D9}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{6A148CE8-0979-43C6-B303-1D597D43D422}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{319EDA1D-895E-45B0-9888-25CF033F903F}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{66DAADD8-18FA-4B23-A012-D72643EFB90A}] => (Allow) D:\game\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{EAC15F5E-616B-4E09-8A9E-453B825681DE}] => (Allow) C:\Program Files (x86)\RC語音\rcplugin.exe
FirewallRules: [{D92593A6-A1AA-485F-910F-B5179A46222E}] => (Allow) C:\Program Files (x86)\RC語音\rcplugin.exe
FirewallRules: [{FF4A87A6-68D1-485E-AC3F-52BACB364756}] => (Allow) C:\Program Files (x86)\RC語音\rcplugin.exe
FirewallRules: [{6D6CFB97-776B-4D14-97BF-799937A6F5CA}] => (Allow) C:\Program Files (x86)\RC語音\rcplugin.exe
FirewallRules: [{6E47BF8A-10E1-4CBE-B41D-9AA3C34D35D3}] => (Allow) LPort=7935
FirewallRules: [{D95562F2-A5FA-48F1-B399-C37203690EE9}] => (Allow) C:\Program Files (x86)\TTPlayer\TTPlayer.exe
FirewallRules: [{14921EDB-C528-432A-A10B-99A312734335}] => (Allow) C:\Program Files (x86)\TTPlayer\TTPlayer.exe
FirewallRules: [{26E096B6-2B0C-4E0B-A5F0-207CA79BA894}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{419923D2-718B-4ACD-A3B9-1AE6964F4EA7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7D00B40B-A78F-45F6-9D81-210F8175C888}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D26E68F2-346F-4853-AD42-7B006B3D3E0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F5701498-E3FA-4CF2-AFA7-5A8C352FE6DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47E2CD48-D2D6-4294-B75A-C2916FA36C6F}] => (Allow) LPort=2869
FirewallRules: [{D95EB328-78BC-4995-AB7C-317115AAB516}] => (Allow) LPort=1900
FirewallRules: [{179667BF-8B0C-41F2-9F42-52D9C658EEE6}] => (Allow) LPort=65000
FirewallRules: [{FB54FD29-AAEA-4F03-B554-2EF2249EBDF0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1783DB45-C75D-4211-B419-3CC906038352}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{D4C8A1F0-9AB8-4C44-B950-085C9943D6C8}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.246_1111\ThunderPlatform.exe
FirewallRules: [{B7D6393C-40A5-4894-84A6-CD5F5B439857}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.246_1111\ThunderPlatform.exe
FirewallRules: [{2183C490-EF1B-463C-9E32-EE3C6ECCB115}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.246_1111\XLBugReport.exe
FirewallRules: [{E563A2D6-D747-40F4-8AF7-E9A6A21B94EA}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.246_1111\XLBugReport.exe
FirewallRules: [TCP Query User{AE94DFC1-52B8-4D5E-9945-522E497F8D6C}D:\hkg cs1.6\hl.exe] => (Allow) D:\hkg cs1.6\hl.exe
FirewallRules: [UDP Query User{C060A952-2340-44DC-B9DB-8AA1F4D60656}D:\hkg cs1.6\hl.exe] => (Allow) D:\hkg cs1.6\hl.exe
FirewallRules: [{1A42F693-BE47-4658-BAC6-8F57626FAAA1}] => (Block) D:\hkg cs1.6\hl.exe
FirewallRules: [{9960FD42-209F-4BD5-BA3D-E3F46847A022}] => (Block) D:\hkg cs1.6\hl.exe
FirewallRules: [TCP Query User{66D9A145-51BD-48F1-B4F4-2882A8824633}D:\games\counter-strike\hl.exe] => (Allow) D:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{0CCEA932-0168-4B29-B210-C44FCAFC25B1}D:\games\counter-strike\hl.exe] => (Allow) D:\games\counter-strike\hl.exe
FirewallRules: [{D1CF4E28-BE13-4CDE-8A52-C699A5EE1F22}] => (Block) D:\games\counter-strike\hl.exe
FirewallRules: [{1EFE4F75-F045-4C83-BCE9-746E8324EC31}] => (Block) D:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{29F4215F-17F5-47B7-8D79-444556C41C03}D:\game\garena plus\garenamessenger.exe] => (Allow) D:\game\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{C21FEA35-375D-4293-A5AE-59907B50D0CB}D:\game\garena plus\garenamessenger.exe] => (Allow) D:\game\garena plus\garenamessenger.exe
FirewallRules: [{44CF0642-0553-438D-A00A-CCE92549518C}] => (Block) D:\game\garena plus\garenamessenger.exe
FirewallRules: [{1C04DF0A-F211-42D1-8327-8C0EF27E5894}] => (Block) D:\game\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{B66AAE63-B3C3-4488-8D15-AE1E365825D1}D:\counter-strike 1.6 3266\cstrike.exe] => (Allow) D:\counter-strike 1.6 3266\cstrike.exe
FirewallRules: [UDP Query User{12A7B594-4083-474F-B016-73692C26AE56}D:\counter-strike 1.6 3266\cstrike.exe] => (Allow) D:\counter-strike 1.6 3266\cstrike.exe
FirewallRules: [{0E0A87CC-4171-47DB-8CE7-72140A9DB524}] => (Block) D:\counter-strike 1.6 3266\cstrike.exe
FirewallRules: [{37E0A2F5-3AEF-4D53-A5A2-4FC993D24994}] => (Block) D:\counter-strike 1.6 3266\cstrike.exe
FirewallRules: [TCP Query User{4439C611-634C-4803-A881-7DB24B8B1159}D:\valve\hl.exe] => (Allow) D:\valve\hl.exe
FirewallRules: [UDP Query User{C43FF075-A007-48E9-8C94-70D08979267D}D:\valve\hl.exe] => (Allow) D:\valve\hl.exe
FirewallRules: [{50A25BAC-280C-4BF9-BF1F-52C229BEAFC8}] => (Block) D:\valve\hl.exe
FirewallRules: [{327BB7DB-A5DA-4E2A-B927-42B33CAD4624}] => (Block) D:\valve\hl.exe
FirewallRules: [TCP Query User{229B14F4-DFD4-4038-A6F3-2E3E72E85488}D:\hkg cs1.6 by c0re\hl.exe] => (Allow) D:\hkg cs1.6 by c0re\hl.exe
FirewallRules: [UDP Query User{C789C130-F7EA-4FED-BA0A-0530039C4503}D:\hkg cs1.6 by c0re\hl.exe] => (Allow) D:\hkg cs1.6 by c0re\hl.exe
FirewallRules: [{31345AFB-56F1-498E-82AA-44BC2FD52373}] => (Block) D:\hkg cs1.6 by c0re\hl.exe
FirewallRules: [{F43D2493-8E5B-427C-9DD4-5EDC2A994CB3}] => (Block) D:\hkg cs1.6 by c0re\hl.exe
FirewallRules: [{DECA2DB1-5B7A-458C-804E-E9CF74A0A629}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FD04AE0A-3E64-4CD7-8BA8-B3445762726E}] => (Block) D:\baidu\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [{DCC18A3E-7968-4116-9E49-1C9E412622D9}] => (Block) D:\baidu\baiduyunguanjia\baiduyunguanjia.exe
FirewallRules: [TCP Query User{959CE2B0-D111-4B30-B57A-545053FA1AF7}D:\counter-strike global offensive junkies\csgo.exe] => (Block) D:\counter-strike global offensive junkies\csgo.exe
FirewallRules: [UDP Query User{49088477-EE5D-4F8A-BE71-273BDD1EC0C0}D:\counter-strike global offensive junkies\csgo.exe] => (Block) D:\counter-strike global offensive junkies\csgo.exe
FirewallRules: [{6C12F05F-C907-499F-B4F6-7E9D84B6E559}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.79.exe
FirewallRules: [{5B57FBAC-D989-475D-B675-C3446CE9BCA1}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.79.exe
FirewallRules: [{423365B5-EB48-479B-95B3-B42198AE26ED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69438365-DC5A-4445-B3F7-A352C6027724}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{26757A70-7029-4BB2-B8FD-B0854927E282}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C8C8405F-0700-4A4F-9D07-10B09412CB5C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E9F61647-237A-4D87-BE7E-EEB575142BE7}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E8CE1AD7-CE8F-4EB1-9671-B8D34A9746F6}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{BC4DDB91-DE60-437D-8004-CB0E5E878E0A}C:\program files (x86)\ttplayer\ttplayer.exe] => (Block) C:\program files (x86)\ttplayer\ttplayer.exe
FirewallRules: [UDP Query User{F5B90A16-893F-4DB3-8F05-4F65854E04D4}C:\program files (x86)\ttplayer\ttplayer.exe] => (Block) C:\program files (x86)\ttplayer\ttplayer.exe
FirewallRules: [{C1E4C397-0DA8-42F6-AB9F-9CA06FF5FD94}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{28F2D5D9-A3C1-4123-8102-0C57296DF38C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{BC3FC92F-D96D-40C8-846F-393B34930671}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{4F3B24B9-4CF4-4B3A-8BF0-175AEB9C0C89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{C2EE8AC6-DFD6-40D6-98AD-0AC1C83550E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7891B2A-A2FA-4781-9E4A-2D34F38DF2E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D0B05F5-0664-4D7B-816B-FC575793F805}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E69BF76-E05C-46C7-8E67-F1DF1CE2D30C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{DBD6B4DC-00EF-4633-8AD4-C349650F9006}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.246_1111\thunderplatform.exe] => (Block) C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.246_1111\thunderplatform.exe
FirewallRules: [UDP Query User{6264E111-337A-4C3C-A1B0-15B136673F52}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.246_1111\thunderplatform.exe] => (Block) C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.246_1111\thunderplatform.exe
FirewallRules: [{FD8C51AB-0E14-4CAC-A7FE-D38CCCC9B800}] => (Allow) D:\Gamania\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{03709C7E-FACE-4C19-8AD2-04B872382D46}] => (Allow) D:\Gamania\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{B71E92C0-CFAC-4C38-A71A-CC59C6E9246E}] => (Allow) D:\Gamania\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{ACE5D21B-CC62-4E11-A420-3E177CB4D397}] => (Allow) D:\Gamania\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [TCP Query User{60790759-123B-42E1-BF59-C313BA34CB1D}D:\game\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\game\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{B3965DB3-1667-4E93-997D-E8499A91ED9B}D:\game\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\game\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{739DB94D-A30E-4258-8B7D-3557C770DE5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BD10246-1603-477C-8941-AFF0521CBB8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{93A1A677-B2D8-408F-B52C-981D7F310608}D:\counter-strike source beta\hl2.exe] => (Allow) D:\counter-strike source beta\hl2.exe
FirewallRules: [UDP Query User{7C1E9B9C-52A1-48E0-AB3E-CF63BB064550}D:\counter-strike source beta\hl2.exe] => (Allow) D:\counter-strike source beta\hl2.exe
FirewallRules: [{875E3CCA-339F-4757-B175-3ECF0A0DE189}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{4A46AAE6-0330-4324-B98F-E61310780BF3}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{A027A48F-B30B-4846-91EA-398811B5F2A6}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B0E4FA2A-A5E7-4922-84A7-DEED7FD365A7}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE022E9A-D632-46D0-ACA3-0A5F1AEB3E35}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{F87930E1-74D0-4F8F-82E8-1E699E4D70FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B9167543-300F-44D0-9735-2382BEDEF76D}] => (Allow) D:\SimCity.5.Digital.Deluxe.Edition.Incl.ALL.DLC.CHT.FIXED-ALI213\SimCity\SimCity.exe
FirewallRules: [{872A391B-CA13-431A-A6CC-A3CB6EE2865B}] => (Allow) D:\SimCity.5.Digital.Deluxe.Edition.Incl.ALL.DLC.CHT.FIXED-ALI213\SimCity\SimCity.exe
FirewallRules: [{30B27FE4-9CE5-4336-A449-94C085030F39}] => (Allow) D:\LINE\LINE.exe
FirewallRules: [{EADDA14D-377E-4DE6-89B0-B73AAF1345D4}] => (Allow) D:\LINE\LINE.exe
FirewallRules: [{072326DA-A824-4341-9380-E243E3FCF732}] => (Allow) D:\BitComet\BitComet.exe
FirewallRules: [{EFA80748-BD8D-4B2C-BEFF-6691CBE7C426}] => (Allow) D:\BitComet\BitComet.exe
FirewallRules: [{3F493FFD-1835-46B0-9195-EDE2D67493B2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{C960E0B0-5FAF-4CC7-BB51-76A7D56CCCFB}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{B4FB0B25-A479-4598-BA09-CDB216F50E24}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{66E1AC8A-E324-4F99-9588-A3879B5CC5BC}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{A30E3878-7938-45AC-943D-FF7FCDF5EB25}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{A1F36ECA-E10E-4244-A545-C6B289A0CD87}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{B64943C5-E324-444B-81D1-8F10FC68917A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C2C62778-DEB1-4CCF-935A-3B71EC1125F9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8383928B-22EF-4128-AB64-EF5A1C1993D8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{41700389-CD39-4A98-8060-2337E43B01C9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{30FB19DD-02AB-4D13-96DC-6E5BDD5E8267}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A1307915-1EFF-458E-AFB5-732D782879D7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F830EF34-B40A-42C0-A7CF-9A1F17658F27}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{84DBCFD8-347C-4120-92D8-6CC46F731E29}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{FAD064B3-E694-4B51-92E3-6A3B997DBCB1}C:\program files (x86)\thedeath heat project\lithtech.exe] => (Allow) C:\program files (x86)\thedeath heat project\lithtech.exe
FirewallRules: [UDP Query User{A125C972-3D65-4B0C-BF00-622DE7E6504B}C:\program files (x86)\thedeath heat project\lithtech.exe] => (Allow) C:\program files (x86)\thedeath heat project\lithtech.exe
FirewallRules: [{25014521-672E-43FD-BB87-D78AF96CD7C2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7320D340-B5E4-47FC-8EF0-F1ECFD2B8243}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D2EA08BA-B034-4B8D-9EF6-11AAD086BF7A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A9C6643D-C55D-415E-804A-F2FBA5CD243E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{746E3C21-B92E-4677-8838-E2893569410F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A516ED70-349B-4E46-A0F2-21A0E7A8D0A0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5490B297-CE8E-4DAB-AC20-3DB663E8234C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{89633858-B965-4869-976B-6E24F3CED57E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{01C7851D-2EC7-4A07-A805-F33612BD1A3C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{00D1A78F-296B-4429-8D61-923E45F2C71E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{12AAB3ED-DD34-462E-B661-60DE80E47FD6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DD1A2FA9-7783-4802-9005-60EEE956CC8D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AB733F08-091E-4B48-A72E-DC1E7514D3BB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CA26CC30-5CDD-4F60-8816-BC4DB4ADE3C7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AA3D29A1-4FB9-4974-A46B-A05CADF818EF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A6A8C844-2B33-41BC-A6C6-131EA285D645}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4A3D4236-DA52-49FA-BCAF-349B1B595733}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E5B508F3-5F10-4B84-9E64-25FC4E7C1870}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C7238143-558C-4574-9118-0CA8D855DC86}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{B115FC0D-BAE3-4CA7-AB61-0C804BE72350}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{5D0A988F-36E8-40C7-A557-E98AA6AB2F48}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EECEC84C-3E87-4CFC-B7CB-46DD0510E485}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8C463954-29E0-4C38-9E7E-C03C7F844B3D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B519D701-95FF-43E6-B072-5EEC1E2A2289}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E1CE1D50-5810-4937-8D6F-F3B9D1D3EE33}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8F22F491-BDC2-449B-99FF-9850A7E5A7F4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{96A02D96-2CF0-4499-931E-605FD21E4097}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7D9278EB-BBCA-4296-8A01-DAF39E97CE29}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E20CC8D8-C630-4598-9CA9-90E13850B945}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EA3EE5B9-54EB-444E-8802-01492C767F72}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D20ECEEA-9D4A-4539-91B5-B2540E3B8398}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6F4F76BE-0379-4D3C-85A4-15AE556CE263}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{85E4FE01-3F7C-47A1-B1EB-2D62EE297D67}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{08ED04B0-586D-440F-BF25-AAED5B85D26E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{07EF3CAA-8F38-43D4-BE42-C9F795E06D39}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{20EE3DF6-E931-4633-BAB2-CAECA1E78A54}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7EDF04F7-C838-420F-8141-1268F8636BAB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6694E9C7-536B-4DA2-B19A-59341C0A4E35}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{196DFA35-08ED-4F06-9236-AB132CCCB135}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E2EA2F10-85A9-4452-B956-5BBA29D73EA8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{25304E7D-A8D8-4EA2-8F15-CEEC85E3E47C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF6376AD-1AEE-4558-BECA-26DF124B9C72}] => (Allow) D:\Mozilla Firefox\firefox.exe
FirewallRules: [{681DB101-425D-4AB7-8FBB-80C50BEDEBB8}] => (Allow) D:\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CC086C64-DBBC-42DE-921B-56526869A0D9}D:\counter strike 1.6_others\heat project\cstrike.exe] => (Allow) D:\counter strike 1.6_others\heat project\cstrike.exe
FirewallRules: [UDP Query User{E7083B80-303E-4896-8A82-4B07BC27FC72}D:\counter strike 1.6_others\heat project\cstrike.exe] => (Allow) D:\counter strike 1.6_others\heat project\cstrike.exe
FirewallRules: [TCP Query User{854A49B6-B802-4441-98FF-8AA82AB4E064}D:\counter strike 1.6_others\heat project\hl.exe] => (Allow) D:\counter strike 1.6_others\heat project\hl.exe
FirewallRules: [UDP Query User{94D277C2-E41C-44D4-966B-95DDAA31BD79}D:\counter strike 1.6_others\heat project\hl.exe] => (Allow) D:\counter strike 1.6_others\heat project\hl.exe
FirewallRules: [TCP Query User{D1A0F442-09A4-45B3-9A74-C1A96E18AAB4}D:\cs1.6others\hp\hl.exe] => (Allow) D:\cs1.6others\hp\hl.exe
FirewallRules: [UDP Query User{A5618FCF-AAB8-4144-BC17-157088389707}D:\cs1.6others\hp\hl.exe] => (Allow) D:\cs1.6others\hp\hl.exe
FirewallRules: [TCP Query User{637C29C3-EDFC-44C4-8E9B-BE64F1C4F04A}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{24348DCD-8FB4-43AE-B00E-E39914A4F778}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{33008668-D324-4609-80AE-149A8CF2C680}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{02C711E6-9AC6-4036-9291-1CF6A5F9EAA7}] => (Allow) LPort=22277
FirewallRules: [{D26424AB-EA0B-415D-805C-A6F7B200F1D3}] => (Allow) LPort=22277
FirewallRules: [{F9634089-5F4A-4B85-B84E-15BBD0BA034D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{51FB4D29-2405-4E1F-96C7-7F782B3A2BCA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B709F256-F9D5-4973-A345-5EF0321458F1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2BC48FCA-5A2E-449E-8E2A-C35B36EABF9B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9B080C82-0C98-47EE-8F4A-F7C591F8C4E8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D40ABF3F-7FCA-457F-B642-407E323F0D9C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2015 07:59:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 43.0.2357.134, time stamp: 0x55a4072f
Faulting module name: chrome.dll, version: 43.0.2357.134, time stamp: 0x55a4037a
Exception code: 0x80000003
Fault offset: 0x00027a97
Faulting process id: 0x11a8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (07/17/2015 07:33:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Files (x86)\Dll-Files.com Fixer\DLLFixer.exe" -rem; Description = DLL-Files Fixer 週五, 七月 17, 15  19:10; Error = 0x81000101).
 
Error: (07/17/2015 05:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 05:37:22 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (07/17/2015 05:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 02:46:25 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: 控制代碼無效。
 
Error: (07/17/2015 02:46:24 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: 控制代碼無效.
 
Error: (07/16/2015 02:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 02:20:07 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: 控制代碼無效.
 
 
System errors:
=============
Error: (07/17/2015 08:14:57 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/17/2015 07:59:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (重新啟動服務) after the unexpected termination of the User Profile Service service, but this action failed with the following error: 
%%1056
 
Error: (07/17/2015 07:59:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (重新啟動服務) after the unexpected termination of the Computer Browser service, but this action failed with the following error: 
%%1056
 
Error: (07/17/2015 07:58:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (重新啟動服務) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056
 
Error: (07/17/2015 07:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: 重新啟動服務.
 
Error: (07/17/2015 07:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: 重新啟動服務.
 
Error: (07/17/2015 07:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: 重新啟動服務.
 
Error: (07/17/2015 07:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: 重新啟動服務.
 
Error: (07/17/2015 07:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: 重新啟動服務.
 
Error: (07/17/2015 07:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: 重新啟動服務.
 
 
Microsoft Office:
=========================
Error: (07/17/2015 07:59:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.13455a4072fchrome.dll43.0.2357.13455a4037a8000000300027a9711a801d0c0819e52d332C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\chrome.dllfe864903-2c7a-11e5-b1a7-00ac954d7282
 
Error: (07/17/2015 07:33:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Files (x86)\Dll-Files.com Fixer\DLLFixer.exe" -remDLL-Files Fixer 週五, 七月 17, 15  19:100x81000101
 
Error: (07/17/2015 05:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 05:37:22 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/17/2015 05:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2015 02:46:25 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: 控制代碼無效.
 
Error: (07/17/2015 02:46:24 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: 控制代碼無效.
 
Error: (07/16/2015 02:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 02:20:07 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: 控制代碼無效.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-28 11:04:47.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-28 11:04:47.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-28 10:20:40.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-28 10:20:40.411
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-27 19:50:55.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-27 19:50:55.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-27 19:48:55.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-27 19:48:54.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-27 12:36:03.930
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-27 12:36:03.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBAUDIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 65%
Total physical RAM: 4095.18 MB
Available physical RAM: 1414.84 MB
Total Virtual: 8188.57 MB
Available Virtual: 4475.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:99.9 GB) (Free:2.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:365.76 GB) (Free:79.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 69039B0C)
Partition 1: (Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Edited by luilok12, 17 July 2015 - 12:38 PM.


#6 luilok12


Posted 17 July 2015 - 11:29 AM

 

Edited by luilok12, 17 July 2015 - 12:39 PM.


#7 luilok12


Posted 17 July 2015 - 11:54 AM

Ignore this post. Delete it.


Edited by luilok12, 17 July 2015 - 12:40 PM.


#8 TB-Psychotic


Posted 19 July 2015 - 04:04 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 

#9 TB-Psychotic


Posted 04 August 2015 - 02:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



