Infected PC - fake svchost.exe


  • This topic is locked
16 replies to this topic

#1 sephrik (Members, 10 posts)

Posted 06 October 2015 - 10:48 PM

Hi,

I have been experiencing very slow bootup (after login, takes about 10+ extra minutes to fully load) for the past month or so. My GMail has found suspicious activity around the same time. After checking the Task Manager, I found an empty process that is constantly using up 80%+ CPU and lots of memory, checked the process and it's an svchost.exe file found in C:/Windows/Temp.

I am on Windows 8.1 (64-bit).

I'm pretty sure it's malware. I hope I have the right forum category, may I get assistance?

Thanks in advance.


Edited by sephrik, 06 October 2015 - 10:55 PM.
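The detail that matters in the report above is the path. A genuine svchost.exe lives only in %SystemRoot%\System32 (with a 32-bit copy in SysWOW64), names Microsoft Corporation in its version information (an impostor without a version resource is exactly what Task Manager shows as an "empty" process), is signed by Microsoft and is started by services.exe. The PowerShell below is an added example written for this thread, not code posted by sephrik or deeprybka; it assumes an elevated PowerShell 4.0 or later session (Windows 8.1 ships 4.0), and the function name Get-SuspiciousSvchost and the output fields are this example's own.

```powershell
# Added example for this thread (not code from any post). Flags each running
# svchost.exe that fails a check a genuine instance passes on Windows 8.1:
#   1. image path is %SystemRoot%\System32\svchost.exe (or the SysWOW64 copy);
#      a copy in C:\Windows\Temp fails here
#   2. version information names Microsoft Corporation (an impostor without a
#      version resource is what shows up as an "empty" process in Task Manager)
#   3. parent process is services.exe
# Authenticode status is reported as well, with the caveat noted below.
# Run from an elevated PowerShell 4.0+ session: without elevation,
# ExecutablePath is empty for SYSTEM-owned processes and is reported as such.
# Function name and output shape are this example's own invention.

function Get-SuspiciousSvchost {
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )

    # One snapshot of all processes, indexed by PID, so parent lookups do not
    # race against processes that exit while we are iterating.
    $all   = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $all) {
        if ($p.Name -ine 'svchost.exe') { continue }

        $path    = $p.ExecutablePath
        $reasons = @()
        $company = $null
        $sha256  = $null
        $sigText = $null

        if (-not $path) {
            $reasons += 'ExecutablePath not readable (run elevated)'
        } elseif ($expected -notcontains $path) {
            $reasons += "unexpected path: $path"
        }

        if ($path -and (Test-Path -LiteralPath $path)) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            if ($company -ne 'Microsoft Corporation') {
                $reasons += "CompanyName is '$company'"
            }
            # Hash before anything is deleted, so the sample can be looked up later.
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

            $sig     = Get-AuthenticodeSignature -FilePath $path
            $status  = [string]$sig.Status
            $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            $sigText = "$status $signer".Trim()
            switch ($status) {
                'Valid'     { if ($signer -notmatch 'O=Microsoft Corporation') { $reasons += "signed by $signer" } }
                # Catalog-signed OS files report NotSigned under PowerShell 4.0 on
                # Windows 8.1 (5.1 on Windows 10 checks the catalog), so NotSigned
                # alone is not counted as a reason here; confirm with sigcheck -i.
                'NotSigned' { $sigText += ' (may be catalog-signed; confirm with sigcheck -i)' }
                default     { $reasons += "signature status $status" }
            }
        }

        $parent     = $byPid[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited or PID reused>' }
        if ($parentName -ine 'services.exe') {
            $reasons += "parent is $parentName (PID $($p.ParentProcessId)), expected services.exe"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                ProcessId   = $p.ProcessId
                Path        = $path
                Company     = $company
                Signature   = $sigText
                Sha256      = $sha256
                CommandLine = $p.CommandLine
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

# Usage: list the offenders. A hit with an unexpected path is the svchost.exe
# to suspend (not kill yet) and preserve for the responder.
Get-SuspiciousSvchost | Format-List
```

On Windows 8.1 most OS binaries are catalog-signed rather than embedded-signed, and PowerShell 4.0's Get-AuthenticodeSignature reports those as NotSigned; PowerShell 5.1 on Windows 10 checks the catalog. The path, parent and CompanyName checks therefore carry the weight on an 8.1 host, and NotSigned on its own should be confirmed with Sysinternals sigcheck -i before being treated as evidence. The check also only catches masquerading by name or path; malware that injects into the real svchost.exe passes all three tests.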



#2 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 07 October 2015 - 02:36 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. (Injure no one; on the contrary, help everyone as much as you can.) Arthur Schopenhauer
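Once FRST.txt is in hand, the Services and Drivers sections are where a dropped service binary or driver shows up. The PowerShell below is an added example for this thread, not part of deeprybka's instructions or of FRST itself: it parses the entry format FRST uses in those two sections and ranks entries by the markers a responder looks at first (a file FRST could not find on disk, a path under a Temp or AppData folder, FRST's [File not signed] tag, an empty publisher). The sample log lines are constructed here in FRST's format, and the function name Get-FrstSuspectEntries and the scoring weights are this example's own.

```powershell
# Added example for this thread (not code from any post and not part of FRST).
# Parses the Services and Drivers sections of an FRST.txt and scores entries
# by the markers a responder looks at first. Entry shape FRST uses there:
#   R2 name; C:\path\file.exe [size yyyy-mm-dd] (Publisher) [File not signed]
#   U3 name; \??\C:\path\file.sys [X]        <- [X]: FRST found no file on disk
# Function name, weights and the sample lines below are this example's own.

function Get-FrstSuspectEntries {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    $section = ''
    foreach ($line in $Lines) {
        # Section banners: "==================== Services (Whitelisted) ====..."
        if ($line -match '^=+\s*(?<title>[^=]+?)\s*=+\s*$') { $section = $Matches['title']; continue }
        if ($section -notmatch '^(Services|Drivers)') { continue }

        # State code, name, then the rest of the entry.
        if (-not ($line -match '^(?<state>[RSU]\d)\s+(?<name>[^;]+);\s+(?<rest>.+)$')) { continue }
        $state = $Matches['state']; $name = $Matches['name']; $rest = $Matches['rest']

        # The path ends right before "[size date]" or "[X]". Anchoring on that
        # bracket rather than on "(" keeps "C:\Program Files (x86)\..." intact.
        $path = if ($rest -match '^(?<path>.+?)\s+\[(?:\d+\s+\d{4}-\d{2}-\d{2}|X)\]') { $Matches['path'] } else { $rest }
        $path = $path -replace '^\\\?\?\\', ''   # drop the \??\ NT object prefix

        # Publisher is the "(...)" right after the size/date bracket; FRST prints
        # "()" when the binary carries no CompanyName version resource.
        $publisher = if ($rest -match '\]\s*\((?<pub>[^)]*)\)') { $Matches['pub'] } else { $null }

        $reasons = @(); $score = 0
        if ($rest -match '\[X\]')               { $reasons += 'file missing on disk';    $score += 3 }
        if ($path -match '\\(Temp|AppData)\\')  { $reasons += 'path under Temp/AppData'; $score += 3 }
        if ($rest -match '\[File not signed\]') { $reasons += 'not signed';              $score += 2 }
        if ($publisher -eq '')                  { $reasons += 'no publisher';            $score += 1 }

        if ($score -gt 0) {
            [pscustomobject]@{
                Score     = $score
                Section   = ($section -split ' ')[0]
                State     = $state
                Name      = $name
                Path      = $path
                Publisher = $publisher
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample in FRST's format (not the log posted in this thread).
$sample = @'
==================== Services (Whitelisted) ========================

R2 GoodSvc; C:\Windows\System32\goodsvc.exe [123456 2015-07-13] (Microsoft Corporation)
S3 OldTool; C:\Program Files (x86)\Vendor\tool.exe [69632 2005-04-04] (Vendor Inc.) [File not signed]
R2 Updater; C:\Users\Alice\AppData\Local\Temp\updater.exe [51200 2015-10-01] ()

===================== Drivers (Whitelisted) ==========================

R3 okdrv; C:\Windows\system32\DRIVERS\okdrv.sys [140600 2013-07-23] (Vendor Inc.)
U3 abcdefgh; \??\C:\Users\Alice\AppData\Local\Temp\abcdefgh.sys [X]

==================== NetSvcs (Whitelisted) ===================
'@ -split "`r?`n"

Get-FrstSuspectEntries -Lines $sample | Sort-Object Score -Descending | Format-Table -AutoSize
# Real log: Get-FrstSuspectEntries -Lines (Get-Content -LiteralPath .\FRST.txt) | Sort-Object Score -Descending
```

With the sample above the driver that is both missing on disk and registered from a Temp folder scores highest, the Temp-resident service with no publisher next, and the merely unsigned service last. An empty publisher on its own is common for some legitimate vendors and drivers, which is why it carries the lowest weight; a missing file or a Temp path in a Services or Drivers entry is what deserves the first look.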

#3 sephrik (Topic Starter, Members, 10 posts)

Posted 07 October 2015 - 02:59 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by DaHua (administrator) on DAHUA-ULTRABOOK (07-10-2015 14:38:54)
Running from D:\Downloads
Loaded Profiles: DaHua (Available Profiles: DaHua & UpdatusUser)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\dexpot.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\Dexpot64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\plugins\Dexgrid.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Balsamiq Mockups\Balsamiq Mockups.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() C:\Program Files (x86)\Messenger for Desktop\Messenger.exe
() C:\Program Files (x86)\Messenger for Desktop\Messenger.exe
() C:\Program Files (x86)\Messenger for Desktop\Messenger.exe
() C:\Program Files (x86)\Messenger for Desktop\Messenger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-09-20] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-13] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1131880 2013-01-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2014-11-20] (VMware, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Run: [SkyDrive] => C:\Users\DaHua\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-28] (Microsoft Corporation)
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Run: [Facebook Update] => C:\Users\DaHua\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-01] (Facebook Inc.)
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Run: [Spotify Web Helper] => C:\Users\DaHua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-16] (Spotify Ltd)
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Run: [Dropbox Update] => C:\Users\DaHua\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\MountPoints2: {4b860351-871a-11e4-800b-6036ddac5886} - "F:\NokiaPCIA_Autorun.exe" 
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\MountPoints2: {4b8603ab-871a-11e4-800b-6036ddac5886} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\drivers\setup.exe
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\MountPoints2: {8c4cfa7f-cf13-11e4-80b0-6036ddac5886} - "H:\LG_PC_Programs.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-13] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
Startup: C:\Users\DaHua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{107C0E0B-BDFA-4FB4-B429-8D79587E2D5D}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{59EFF583-B5E0-4155-B4C9-8D40800ADBC5}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-296347350-2390120195-578779420-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-296347350-2390120195-578779420-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-13] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-13] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-296347350-2390120195-578779420-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\DaHua\AppData\Roaming\Mozilla\Firefox\Profiles\k452k9vt.default-1422465732783
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2015-04-27] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-04-27] (Unauthorized copy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\GarenaLoL\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-296347350-2390120195-578779420-1007: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\DaHua\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-10] (Nullsoft, Inc.)
FF Extension: Firebug - C:\Users\DaHua\AppData\Roaming\Mozilla\Firefox\Profiles\k452k9vt.default-1422465732783\Extensions\firebug@software.joehewitt.com.xpi [2015-03-12]
FF Extension: Adblock Plus - C:\Users\DaHua\AppData\Roaming\Mozilla\Firefox\Profiles\k452k9vt.default-1422465732783\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-22]
FF Extension: Greasemonkey - C:\Users\DaHua\AppData\Roaming\Mozilla\Firefox\Profiles\k452k9vt.default-1422465732783\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-04-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.kh/
CHR StartupUrls: Default -> "hxxp://google.com.kh/"
CHR NewTab: Default -> "chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Advanced Font Settings) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2015-07-14]
CHR Extension: (Adblock Plus) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-16]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-07-13]
CHR Extension: (Avast Online Security) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-17]
CHR Extension: (TweetDeck by Twitter) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-13]
CHR Extension: (Momentum) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DaHua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-13] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-29] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-09-20] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730560 2014-11-20] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [50408 2015-04-23] (Microsoft Corporation)
S3 wampapache; C:\WAMP\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; C:\WAMP\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-13] ()
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [97680 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-25] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Grand; C:\Windows\System32\drivers\GrandUsb.sys [76968 2015-09-01] (SafeNet Inc.)
R2 HOSTNT; C:\WINDOWS\system32\drivers\hostnt.sys [13864 2015-09-01] (SafeNet, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-09] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-09-15] (Splashtop Inc.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-13] (Avast Software)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)
S3 GGSAFERDriver; \??\C:\GarenaLoL\GameData\Room\safedrv.sys [X]
U3 kfxyiuog; \??\C:\Users\DaHua\AppData\Local\Temp\kfxyiuog.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 10:30 - 2015-10-07 14:39 - 00000000 ____D C:\FRST
2015-10-07 10:19 - 2015-10-07 10:25 - 00002072 _____ C:\Users\DaHua\Desktop\Rkill.txt
2015-10-07 10:13 - 2015-10-07 10:13 - 00000000 ____D C:\Users\DaHua\Documents\Splashtop Whiteboard
2015-10-07 10:13 - 2015-10-07 10:13 - 00000000 ____D C:\Users\DaHua\Documents\Splashtop Presenter
2015-10-05 16:33 - 2015-10-05 16:33 - 00000000 ____D C:\Python27
2015-10-05 16:33 - 2015-10-05 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2015-10-05 16:31 - 2015-10-05 16:31 - 00001000 _____ C:\Users\DaHua\Desktop\IDA Pro (64-bit).lnk
2015-10-05 16:31 - 2015-10-05 16:31 - 00000988 _____ C:\Users\DaHua\Desktop\IDA Pro (32-bit).lnk
2015-10-05 16:31 - 2015-10-05 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA Pro
2015-10-05 16:30 - 2015-10-05 16:31 - 00000000 ____D C:\Program Files (x86)\IDA 6.5
2015-10-04 22:11 - 2015-10-04 22:11 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-29 10:53 - 2015-09-29 10:53 - 00001653 _____ C:\Users\DaHua\Desktop\Diablo 3 SE.lnk
2015-09-27 15:04 - 2015-09-27 15:04 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlugin
2015-09-27 15:04 - 2015-09-27 15:04 - 00000000 ____D C:\Program Files (x86)\webrec
2015-09-27 11:23 - 2015-09-27 11:23 - 00000915 _____ C:\Users\DaHua\Desktop\Modio 3.lnk
2015-09-22 18:36 - 2015-09-22 18:50 - 00000000 ____D C:\Modio 3.0
2015-09-22 18:33 - 2015-09-22 18:33 - 00000000 ____D C:\Users\DaHua\AppData\Local\CKY
2015-09-22 18:24 - 2015-09-22 18:48 - 00000000 ____D C:\Users\DaHua\Documents\DaHua Diablo III Game Save
2015-09-22 18:06 - 2015-09-22 18:29 - 00000000 ____D C:\Program Files (x86)\Modio 5
2015-09-22 18:06 - 2015-09-22 18:06 - 00000993 _____ C:\Users\Public\Desktop\Modio 5.lnk
2015-09-22 18:06 - 2015-09-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio 5
2015-09-09 21:17 - 2015-09-09 21:17 - 00000408 _____ C:\WINDOWS\PFRO.log
2015-09-09 17:03 - 2015-09-09 17:03 - 00001582 _____ C:\Users\DaHua\Desktop\IDA Pro.lnk
2015-09-09 17:03 - 2015-09-09 17:03 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Hex-Rays
2015-09-09 17:02 - 2015-09-09 17:02 - 00000925 _____ C:\Users\DaHua\Desktop\Win-xKill.lnk
2015-09-09 16:23 - 2015-09-09 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA PRO Advanced Edition
2015-09-09 16:19 - 2015-09-09 16:23 - 00000000 ____D C:\Program Files (x86)\IDA PRO Advanced Edition
2015-09-09 15:59 - 2015-09-09 15:59 - 00000000 ____D C:\Users\DaHua\Documents\WindowsPowerShell
2015-09-09 15:59 - 2015-09-09 15:59 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\psget
2015-09-09 15:34 - 2015-09-09 15:35 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2015-09-09 15:34 - 2015-09-09 15:35 - 00000000 ____D C:\Program Files (x86)\nodejs
2015-09-09 09:30 - 2015-08-27 09:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 09:30 - 2015-08-27 01:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 09:30 - 2015-08-26 21:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 09:30 - 2015-08-26 21:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 09:30 - 2015-08-26 21:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 09:30 - 2015-08-26 21:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 09:30 - 2015-08-26 21:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 09:29 - 2015-08-27 01:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 09:29 - 2015-08-27 01:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 09:29 - 2015-08-27 01:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 09:29 - 2015-08-26 21:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 09:29 - 2015-08-26 21:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 09:22 - 2015-09-03 09:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 09:22 - 2015-09-03 09:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 09:22 - 2015-09-03 01:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 09:22 - 2015-09-03 00:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 09:22 - 2015-08-23 01:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 09:22 - 2015-08-23 00:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 09:22 - 2015-08-23 00:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 09:22 - 2015-08-23 00:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 09:22 - 2015-08-22 23:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 09:22 - 2015-08-22 23:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 09:22 - 2015-08-22 23:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 09:22 - 2015-08-22 23:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 09:22 - 2015-08-22 23:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 09:22 - 2015-07-31 00:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 09:22 - 2015-07-30 23:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 09:22 - 2015-07-22 21:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 09:22 - 2015-07-22 20:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 09:22 - 2015-07-17 21:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 09:22 - 2015-07-17 21:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 09:22 - 2015-06-27 18:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 09:21 - 2015-08-23 00:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 09:21 - 2015-08-23 00:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 09:21 - 2015-08-22 23:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 09:21 - 2015-08-22 23:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 09:21 - 2015-08-22 23:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 09:21 - 2015-08-22 23:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 09:21 - 2015-08-22 23:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 09:21 - 2015-08-22 23:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 09:21 - 2015-08-22 23:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 09:21 - 2015-08-22 23:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 09:21 - 2015-08-22 23:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 09:21 - 2015-08-22 23:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 09:21 - 2015-08-22 23:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 09:21 - 2015-08-22 23:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 09:21 - 2015-08-22 23:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 09:21 - 2015-08-22 23:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 09:21 - 2015-08-22 23:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 09:21 - 2015-08-22 23:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 09:21 - 2015-08-22 22:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 09:21 - 2015-08-22 22:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 09:19 - 2015-09-02 09:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 09:19 - 2015-08-04 04:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 09:19 - 2015-08-04 04:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 09:19 - 2015-08-01 21:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 09:19 - 2015-08-01 10:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 09:19 - 2015-08-01 10:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 09:19 - 2015-08-01 10:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 09:19 - 2015-08-01 10:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 09:19 - 2015-08-01 10:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 09:19 - 2015-07-22 21:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 09:19 - 2015-07-22 21:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 09:19 - 2015-07-22 21:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 09:19 - 2015-07-22 21:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 09:19 - 2015-07-19 01:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 09:19 - 2015-07-19 01:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 09:19 - 2015-07-19 01:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 09:19 - 2015-07-19 01:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 09:19 - 2015-07-14 02:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 09:19 - 2015-07-09 23:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 09:19 - 2015-07-04 04:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 09:19 - 2015-07-03 21:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 09:19 - 2015-06-20 00:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 09:18 - 2015-09-02 09:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 09:18 - 2015-09-02 09:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 09:18 - 2015-09-02 09:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 09:18 - 2015-09-02 09:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 09:18 - 2015-07-14 10:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-09 09:18 - 2015-07-11 02:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-08 15:09 - 2015-09-08 15:09 - 00000000 ____D C:\Users\DaHua\AppData\Local\bower
2015-09-07 19:11 - 2015-10-07 10:00 - 01367990 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 19:08 - 2015-10-07 09:44 - 00018942 _____ C:\WINDOWS\setupact.log
2015-09-07 19:08 - 2015-09-07 19:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-07 14:49 - 2015-09-07 14:49 - 00001016 _____ C:\Users\DaHua\Desktop\DJ Launcher.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 14:32 - 2013-10-25 14:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-07 14:06 - 2015-06-07 11:55 - 00000950 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007UA.job
2015-10-07 14:00 - 2013-11-05 03:18 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Skype
2015-10-07 14:00 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-07 13:47 - 2014-03-13 22:09 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 13:29 - 2014-04-01 09:24 - 00000960 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007UA.job
2015-10-07 12:04 - 2013-10-26 14:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-296347350-2390120195-578779420-1007
2015-10-07 11:06 - 2015-06-07 11:55 - 00000898 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007Core.job
2015-10-07 10:50 - 2014-10-16 03:20 - 00000000 ____D C:\AdwCleaner
2015-10-07 10:13 - 2014-09-25 12:44 - 00000000 ____D C:\Program Files (x86)\Splashtop
2015-10-07 09:48 - 2015-08-19 10:46 - 00001164 _____ C:\Users\DaHua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2015-10-07 09:48 - 2015-08-19 10:46 - 00000000 ____D C:\Users\DaHua\AppData\Local\Messenger
2015-10-07 09:01 - 2013-10-26 14:45 - 00000000 ___RD C:\Users\DaHua\Dropbox
2015-10-07 08:51 - 2015-09-04 22:24 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F8DB5244-2756-48B0-ADCD-37D14AA10860}
2015-10-07 08:47 - 2014-03-13 22:08 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 08:46 - 2013-10-26 14:44 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Dropbox
2015-10-07 08:44 - 2013-12-25 11:44 - 00000649 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-10-07 08:43 - 2015-04-10 14:06 - 00000000 ____D C:\ProgramData\VMware
2015-10-07 08:42 - 2013-08-22 21:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-06 23:39 - 2013-08-22 20:25 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2015-10-06 22:44 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-06 22:29 - 2014-04-01 09:24 - 00000938 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007Core.job
2015-10-06 20:59 - 2013-10-26 16:59 - 00000000 ____D C:\Users\DaHua\.android
2015-10-06 20:41 - 2013-10-26 21:31 - 00000000 ____D C:\Users\DaHua\AppData\Local\Eclipse
2015-10-06 20:41 - 2013-10-26 01:23 - 00000000 ____D C:\eclipse
2015-10-06 16:44 - 2013-10-29 04:49 - 00000132 _____ C:\Users\DaHua\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-10-06 14:37 - 2015-07-13 09:47 - 00000000 ____D C:\Users\DaHua\Documents\WE Bridge Technologies
2015-10-02 08:29 - 2013-11-13 11:52 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-01 20:36 - 2013-08-22 21:44 - 05531080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-30 20:37 - 2014-07-23 14:10 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\LolClient
2015-09-30 08:29 - 2013-10-26 13:55 - 00000000 ____D C:\Users\DaHua\AppData\Local\Packages
2015-09-29 10:57 - 2013-11-15 07:23 - 00000000 ____D C:\Users\DaHua\Documents\eBooks
2015-09-29 10:56 - 2013-10-26 13:42 - 00000000 ____D C:\Users\DaHua\Documents\Text Files
2015-09-29 10:53 - 2014-12-19 10:51 - 00000000 ____D C:\Users\DaHua\Documents\Software
2015-09-25 13:52 - 2014-03-13 22:12 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-22 20:12 - 2012-07-26 14:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-22 18:12 - 2014-03-18 17:03 - 00918834 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-22 17:33 - 2013-10-25 14:57 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-19 08:30 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-18 17:07 - 2014-03-18 16:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-18 17:07 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-15 11:57 - 2013-10-28 22:32 - 00000000 ____D C:\Users\DaHua\Documents\Code Frameworks
2015-09-15 08:42 - 2014-03-13 22:09 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 08:42 - 2014-03-13 22:08 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 08:18 - 2013-08-22 22:38 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 08:18 - 2013-08-22 22:38 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-15 08:14 - 2014-12-12 23:55 - 00000000 ____D C:\Program Files (x86)\Razer
2015-09-12 08:27 - 2014-03-13 22:08 - 00000000 ____D C:\Users\DaHua\AppData\Local\Google
2015-09-11 10:00 - 2013-11-13 12:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-11 10:00 - 2013-10-25 19:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-11 09:48 - 2012-07-26 12:26 - 00000199 _____ C:\WINDOWS\win.ini
2015-09-10 15:28 - 2015-07-25 21:50 - 00000000 ____D C:\Users\DaHua\AppData\Local\atom
2015-09-10 15:27 - 2015-07-25 21:50 - 00002165 _____ C:\Users\DaHua\Desktop\Atom.lnk
2015-09-10 15:27 - 2015-07-25 21:50 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-09-10 14:59 - 2014-04-17 11:08 - 00000000 ____D C:\Users\DaHua
2015-09-10 14:54 - 2015-07-25 21:50 - 00000000 ____D C:\Users\DaHua\AppData\Local\SquirrelTemp
2015-09-10 14:33 - 2013-10-26 13:42 - 00000000 ____D C:\Users\DaHua\Documents\Web Development
2015-09-09 15:36 - 2014-03-13 20:13 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\npm
2015-09-09 09:13 - 2013-10-25 15:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 16:58 - 2014-03-13 20:17 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\npm-cache
2015-09-08 15:07 - 2014-03-17 17:44 - 00000000 ____D C:\Users\DaHua\Documents\Developer's Sandbox
2015-09-08 14:48 - 2013-11-06 10:53 - 00000000 ____D C:\Users\DaHua\VirtualBox VMs
2015-09-08 14:48 - 2013-11-06 10:48 - 00000000 ____D C:\Users\DaHua\.VirtualBox
2015-09-08 14:46 - 2013-08-22 22:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-08 14:44 - 2015-01-04 22:47 - 00000000 ____D C:\Program Files (x86)\Torchlight II
2015-09-08 14:37 - 2015-04-10 14:12 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\VMware
2015-09-08 14:37 - 2015-04-10 14:12 - 00000000 ____D C:\Users\DaHua\AppData\Local\VMware
2015-09-07 15:28 - 2015-01-23 18:08 - 00000000 ____D C:\Users\DaHua\AppData\Roaming\Winamp
2015-09-07 08:37 - 2015-08-24 11:14 - 00000000 ____D C:\Users\DaHua\AppData\Local\Axure
 
==================== Files in the root of some directories =======
 
2013-10-29 04:49 - 2015-10-06 16:44 - 0000132 _____ () C:\Users\DaHua\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-04 04:50 - 2013-12-04 04:52 - 0000257 _____ () C:\Users\DaHua\AppData\Roaming\turing.ini
2013-12-04 04:50 - 2015-01-06 16:30 - 0000027 _____ () C:\Users\DaHua\AppData\Roaming\turing_files.ini
2014-09-30 19:34 - 2014-09-30 19:34 - 0190080 _____ () C:\Users\DaHua\AppData\Local\ars.cache
2014-09-30 19:34 - 2014-09-30 19:34 - 0121354 _____ () C:\Users\DaHua\AppData\Local\census.cache
2014-09-30 19:20 - 2014-09-30 19:20 - 0000036 _____ () C:\Users\DaHua\AppData\Local\housecall.guid.cache
2013-10-28 21:32 - 2015-04-27 14:31 - 0000600 _____ () C:\Users\DaHua\AppData\Local\PUTTY.RND
2014-09-30 19:29 - 2014-09-30 19:29 - 0000010 _____ () C:\Users\DaHua\AppData\Local\sponge.last.runtime.cache
2015-08-24 11:14 - 2015-08-24 11:14 - 0000032 RSHOT () C:\Users\DaHua\AppData\Local\t70rc.dat
2015-04-06 22:58 - 2015-04-06 22:58 - 0114830 _____ () C:\Users\DaHua\AppData\Local\tmp023423.vbe
2015-04-18 13:55 - 2015-04-18 13:55 - 0000000 _____ () C:\Users\DaHua\AppData\Local\{C63EF7F4-DD38-490F-AE33-94DF1F42E764}
2012-11-28 01:26 - 2012-09-07 18:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-28 01:26 - 2009-07-22 17:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-28 01:26 - 2012-09-07 18:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
C:\Users\DaHua\AppData\Roaming\Origin\update.vbe
 
 
Some files in TEMP:
====================
C:\Users\DaHua\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6fmi2v.dll
C:\Users\DaHua\AppData\Local\Temp\SetupUtil.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 21:25
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by DaHua (2015-10-07 14:41:01)
Running from D:\Downloads
Windows 8.1 (X64) (2014-04-17 04:39:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-296347350-2390120195-578779420-500 - Administrator - Disabled)
DaHua (S-1-5-21-296347350-2390120195-578779420-1007 - Administrator - Enabled) => C:\Users\DaHua
Guest (S-1-5-21-296347350-2390120195-578779420-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-296347350-2390120195-578779420-1008 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ultra Street Fighter IV version 1.0 (HKLM-x32\...\Ultra Street Fighter IV_is1) (Version: 1.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 RC (x32 Version: 3.2 - Microsoft Corporation) Hidden
Atom (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\atom) (Version: 1.0.11 - GitHub Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3155 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3155 - Axure Software Solutions, Inc.) Hidden
AzureTools.Notifications (x32 Version: 2.6.30331.1601 - Microsoft Corporation) Hidden
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.3 - Balsamiq, SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.3 - Balsamiq, SRL) Hidden
BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
CPUID CPU-Z 1.67 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
DDPB (HKLM-x32\...\{748590DB-44CD-48D2-8585-2496BBFE919F}) (Version: 1.0.9 - DauDen.vn)
DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
Dexpot (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Dexpot) (Version: 1.6.10 - Dexpot GbR)
DFX (HKLM-x32\...\DFX) (Version: 11.109.0.0 - Power Technology)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.18.0 (x32 Version: 5.18.0.2789 - PreEmptive Solutions) Hidden
Download Windows Universal Tools (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Dragonball Xenoverse, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Dropbox (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Git version 1.8.4-preview20130916 (HKLM-x32\...\Git_is1) (Version: 1.8.4-preview20130916 - The Git Development Community)
GitHub Extension for Visual Studio (HKLM-x32\...\{AC1984A7-C570-4451-8595-8455BA997E69}) (Version: 1.0.10.3 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GrandDog Run Time System V1.0.35 (HKLM-x32\...\{F5025D45-CAE1-4329-8FA9-F12B1BB7E540}) (Version:  - )
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
IDA PRO Advanced Edition (HKLM-x32\...\IDA PRO Advanced Editionv6.1.1) (Version: v6.1.1 - Tom_Da_Man)
IDA Pro v6.5 (HKLM-x32\...\IDA Pro_6.5_is1) (Version:  - Hex-Rays SA)
IIS 10.0 Express (HKLM\...\{5456A561-2429-411B-B2C8-CAE4411D446B}) (Version: 10.0.1733 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Ikaruga (HKLM-x32\...\SWthcnVnYQ==_is1) (Version: 1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Koala version 2.0.4 (HKLM-x32\...\{434536F5-D7D0-4558-B756-F5D65705068A}_is1) (Version: 2.0.4 - Ethan Lai)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.37 - www.leaguereplays.com)
Maple 2015 (HKLM\...\Maple 2015) (Version: 2015 - Maplesoft)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (ENU) (HKLM-x32\...\{E689C2B1-3711-4FF7-95C4-1F4932A2B493}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (HKLM-x32\...\{F1052F45-79C1-48D6-979F-CC5B6F864615}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC SDK (HKLM-x32\...\{7318F8D8-AFC9-499C-9909-1CA56E7E7FB4}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta4 (HKLM\...\{a87918f8-8462-36ae-ab64-5bac8473c726}) (Version: 1.0.10413.0 - Microsoft Corporation)
Microsoft Encarta Premium 2009 (HKLM-x32\...\{09040081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.22823 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50325.0) (HKLM-x32\...\{91A6AD24-DADE-407B-B19B-65000C22B931}) (Version: 14.0.50325.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 RC (HKLM-x32\...\{d79c19c8-760e-4fc2-a85a-8a89093b59e6}) (Version: 14.0.22823 - Microsoft Corporation)
Microsoft Web Deploy 3.6 Beta3 (HKLM\...\{07F0FC77-282E-42E5-BAE6-B8C098F8453E}) (Version: 3.1238.1942 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{EEF1F214-C6D4-4372-AA10-5DA4DAD5E4C5}) (Version: 4.0.0 - Node.js Foundation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA GeForce Experience 1.6.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 0.7.4100.000 - Microsoft Corporation) Hidden
RapidCRC 0.6.1 (HKLM-x32\...\RapidCRC) (Version: 0.6.1 - Sebastian Ewert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Ruby 2.2.2-p95-x64 (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.2-p95 - RubyInstaller Team)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
SciTE4AutoIt3 4/5/2013 (HKLM-x32\...\SciTE4AutoIt3) (Version: 4/5/2013 - Jos van der Zande)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.05.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.3.2) (Version: 1.3.2 - Atlassian)
SourceTree (x32 Version: 1.3.2 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22821 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
The King Of Fighters XIII (HKLM-x32\...\VGhlS2luZ09mRmlnaHRlcnNYSUlJ_is1) (Version: 1 - )
TypeScript Power Tool (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
Unified Remote (HKLM-x32\...\{D7CA47C9-D026-4A58-8313-CBE16B930F51}) (Version: 2.11.1.0 - Unified Remote)
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.10058 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.0.0 - VMware, Inc)
VMware Workstation (Version: 11.0.0 - VMware, Inc.) Hidden
WampServer 2.4 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WCF Data Services 5.6.2 Runtime (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2014 (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296347350-2390120195-578779420-1007_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\DaHua\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
22-09-2015 20:11:23 Windows Update
05-10-2015 16:31:38 Installed Python 2.7.2
07-10-2015 10:11:34 Removed Splashtop Streamer.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 12:26 - 2013-10-25 20:14 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {085CE3C6-21BD-4952-AF58-643582912D51} - System32\Tasks\Dexpot\2 => C:\Program Files (x86)\Dexpot\autodex.exe [2013-09-04] (Dexpot GbR) <==== ATTENTION
Task: {15A7EED2-9E2B-4418-BE79-8E98836FE24A} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {1ED8A381-2F45-4B71-9C4E-FC475051B8B9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007UA => C:\Users\DaHua\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-07] (Dropbox, Inc.)
Task: {28291565-EE1D-475C-B0EE-A84539877A25} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-13] (Avast Software s.r.o.)
Task: {28F214A6-4978-47D5-9CE9-7ECD0DB0A753} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007UA => C:\Users\DaHua\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-01] (Facebook Inc.)
Task: {4403DD01-1A01-4FAC-BF11-1C33E6787C3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {4D0DD7C7-FB73-434E-8522-5E022E0A12E5} - System32\Tasks\Dexpot\4 => C:\Program Files (x86)\Dexpot\autodex.exe [2013-09-04] (Dexpot GbR) <==== ATTENTION
Task: {5278CD96-E67F-4622-9BA2-6CE3D60F8849} - System32\Tasks\AdobeAAMUpdater-1.0-DaHua-UltraBook-DaHua => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {570A5CA1-3A4E-4582-B57F-DF493D683EBA} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5A0B2443-57DA-47B3-A085-4FD810853AD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5EA8CFA2-A9BD-4C93-ADA7-0CA2F775292D} - System32\Tasks\Origin => C:\Users\DaHua\AppData\Roaming\Origin\update.vbe [2015-04-06] () <==== ATTENTION
Task: {60211B29-A0BC-4F04-932B-2D7256AF24FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007Core => C:\Users\DaHua\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-07] (Dropbox, Inc.)
Task: {6C153107-6509-41AD-B528-B3FCEE2364E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {74868426-80FA-43F8-8CA3-7A41B6D5CCD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7DFB236B-BFE0-4C20-A803-CF3B78248B1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {877C66AB-AD78-45CB-9DD7-A1A4C0B1C7B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {92E387D7-C782-40E1-9F0F-B628C4140355} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007Core => C:\Users\DaHua\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-01] (Facebook Inc.)
Task: {933C5687-BAE5-4315-A29F-15D5C9009FA6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AB5A26F0-4109-4B5A-8B64-37EBFC7CCD97} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B693EF02-DF18-4593-BC66-BD40CB6F5514} - System32\Tasks\Dexpot\5 => C:\Program Files (x86)\Dexpot\autodex.exe [2013-09-04] (Dexpot GbR) <==== ATTENTION
Task: {C8EA6AC9-0EC0-4B20-BE9A-64B09E9B454D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {F6013D49-A2C4-4BE8-8D84-801BB19973C9} - System32\Tasks\Dexpot\Dexpot DaHua => C:\Program Files (x86)\Dexpot\dexpot.exe [2013-09-20] (Dexpot GbR)
Task: {FFA13E01-6031-443B-B58A-AF8DE4561975} - System32\Tasks\Dexpot\3 => C:\Program Files (x86)\Dexpot\autodex.exe [2013-09-04] (Dexpot GbR) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007Core.job => C:\Users\DaHua\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007UA.job => C:\Users\DaHua\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007Core.job => C:\Users\DaHua\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296347350-2390120195-578779420-1007UA.job => C:\Users\DaHua\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-10 19:13 - 2013-12-10 19:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-17 10:59 - 2013-10-23 15:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-18 22:24 - 2012-06-18 22:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-10 23:45 - 2013-01-13 07:18 - 01131880 _____ () C:\Program Files (x86)\DFX\DFX.exe
2013-01-10 23:52 - 2013-01-10 23:52 - 00129384 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2013-01-10 23:55 - 2013-01-10 23:55 - 00131432 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2013-01-11 00:08 - 2013-01-11 00:08 - 00048488 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2013-01-10 23:48 - 2013-01-10 23:48 - 00160616 _____ () C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
2015-08-21 09:02 - 2015-08-21 09:02 - 00225280 _____ () C:\Program Files (x86)\Balsamiq Mockups\Balsamiq Mockups.exe
2015-06-13 23:29 - 2015-06-13 23:29 - 47730823 _____ () C:\Program Files (x86)\Messenger for Desktop\Messenger.exe
2015-07-13 09:45 - 2015-07-13 09:45 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-13 09:45 - 2015-07-13 09:45 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-06 16:17 - 2015-10-06 16:17 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100600\algo.dll
2015-10-07 08:43 - 2015-10-07 08:43 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100601\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-20 18:44 - 2014-11-20 18:44 - 01299136 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2013-12-10 19:13 - 2013-12-10 19:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-23 02:12 - 2015-03-23 02:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-11 00:05 - 2013-01-11 00:05 - 00049512 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2013-02-23 03:01 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-01-24 02:55 - 2014-01-24 02:55 - 01030312 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-25 13:51 - 2015-09-24 09:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 13:51 - 2015-09-24 09:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2012-03-10 03:26 - 2012-03-10 03:26 - 00100352 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2011-12-10 00:23 - 2015-01-23 18:08 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00290304 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2011-12-10 00:23 - 2015-01-23 18:08 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2011-11-11 05:10 - 2015-01-23 18:08 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00318464 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00294400 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00082944 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00200192 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00241152 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00136192 _____ () C:\Program Files (x86)\Winamp\libflac.dll
2011-10-24 10:21 - 2015-01-23 18:08 - 00491008 _____ () C:\Program Files (x86)\Winamp\Plugins\lame_enc.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00180224 _____ () C:\Program Files (x86)\Winamp\libmp4v2.dll
2011-12-10 00:23 - 2015-01-23 18:08 - 00922624 _____ () C:\Program Files (x86)\Winamp\System\aacdec.w5s
2015-06-13 23:29 - 2015-06-13 23:29 - 01481728 _____ () C:\Program Files (x86)\Messenger for Desktop\libglesv2.dll
2015-06-13 23:29 - 2015-06-13 23:29 - 00073728 _____ () C:\Program Files (x86)\Messenger for Desktop\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\DaHua\OneDrive:ms-properties
AlternateDataStreams: C:\Users\DaHua\OneDrive.old:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-296347350-2390120195-578779420-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\DaHua\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ATLauncher"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-296347350-2390120195-578779420-1007\...\StartupApproved\Run: => "GarenaPlus"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0140605D-3C47-4548-813C-72155803630F}C:\program files\sublime text 2\sublime_text.exe] => (Allow) C:\program files\sublime text 2\sublime_text.exe
FirewallRules: [TCP Query User{5934B051-27F5-4437-AC21-A6FAF65532A3}C:\program files\sublime text 2\sublime_text.exe] => (Allow) C:\program files\sublime text 2\sublime_text.exe
FirewallRules: [UDP Query User{8CF545B6-6326-4945-A404-D2E08577DE34}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe
FirewallRules: [TCP Query User{481F25DA-C4BF-48FF-A9AF-26998F45B2F9}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe
FirewallRules: [{0D9040A6-3047-4C7F-B7C7-8D357573D2A3}] => (Block) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [{A78D568C-A760-48A1-9E40-6A8CD04BEFDE}] => (Block) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [UDP Query User{FCA54026-B7DF-48E3-822D-3B08B3D6389D}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [TCP Query User{DA705312-2AB9-4B44-8674-DAC3EEE21D5F}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [{0AC73A38-B612-4139-ABF8-125AF3509D4E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4061C883-ED81-49D7-ABE6-62C088359E6C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CE8318EC-C991-491F-9D0B-A23A530678EF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F482BDC3-B849-4615-BB8D-122BBABD965B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{4AB20D6D-C6B1-4C89-AA7F-62C640124BAB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F5F48996-261B-4CBA-B9DB-0D65730EE895}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3B29B8BD-D92B-4342-A4C3-E4B2A54E281E}C:\users\dahua\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dahua\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{CE63F167-CC3A-4B3F-AC0D-EE551DEA6F51}C:\users\dahua\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dahua\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8CA4CBE4-18CF-4453-A5A8-56146C989604}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{779986E2-02B4-486F-B9CC-65C83C3811F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3E9FF18C-3864-4CCA-83B9-B632A59A8AC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5338C0C2-B730-44FB-BF13-65F14C5E9357}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1773EB2F-8288-498A-973C-2C6E836F984B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4AEEECA8-FCF9-4EAA-A45E-C63509A7FB35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1526F296-5C0F-42AA-B4EE-4111B1F306BD}] => (Allow) C:\Users\DaHua\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{437B64BA-B8DB-4E06-AC05-D7F87F3CAE4E}] => (Allow) C:\Users\DaHua\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{96FB24A5-0A6E-42F5-B379-8CE11FCDE008}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [TCP Query User{DF07F486-4300-478D-A58C-BEA24E0C55A7}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [UDP Query User{59B1DC09-97F3-48D1-A9FE-3EBB74361121}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{529339FB-D0C3-4A54-81A8-190E21FCF93A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{B999E20F-C71F-47E8-B197-C0ADF6FD71AC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1CCD5D34-BAFE-4C77-B112-58FA20D9B02A}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA37CE01-7538-4DFD-A394-B94E8D1C6E5E}] => (Allow) C:\Users\DaHua\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{B0795FFB-2166-4E37-82E0-B51D70BD2A78}C:\users\dahua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dahua\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{501E1B8A-045D-46ED-BF8F-6B4702342BB3}C:\users\dahua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dahua\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F371232B-82FC-4755-BA12-0DFA5D915F6E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1739B00D-BD0D-4E0F-8E0B-BCA469548708}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19028058-AA5C-47D0-A857-9C6D869F4CE6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0376A53D-39B0-47E4-ACF1-19D9BC3951D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{01F433BF-F508-4FC3-B7FC-3B2CF031C800}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9F5BD8CC-6403-482D-85A3-FFBEAA5C8821}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCD15893-0CEA-43F6-91A1-751F237F2798}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{86AF607F-2E59-4558-9370-B0900F691760}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D83B06BD-E2F7-4FAA-A5AB-C7F1973232B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{844598E8-DED2-4E26-9C83-8D872FC95EB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{7D3F6F3D-8185-45F7-B2A9-A2B4EB7051CA}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{3304A8ED-5755-4B34-882F-B4C550F8DA50}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{16C7FDE2-2E23-4879-9C82-0213B3CFA914}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{C8A51E1F-2239-41A0-8E62-EACDC68E6535}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2A3E378B-DC72-42BA-AEE6-86260D5342FE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A2C86207-FA1D-4A3E-B4D4-B48C7C13E64F}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{2BBB312D-64FD-47A2-B83A-7A661040F112}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
FirewallRules: [{DC3F5BDE-FF47-4026-BBFB-6F581E82BCCA}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{7AD36B29-CA43-42FE-B28F-4C09E5143B9C}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [TCP Query User{8533203B-9C39-48E0-A3F9-EF8910022A16}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{300C7C00-750F-4176-B729-9604EAE1B12F}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{C47E5044-CC8A-4852-B686-F265F41994A6}C:\users\dahua\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dahua\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{38653200-BD6E-49C3-94A4-E7B9BD19ABF5}C:\users\dahua\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dahua\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{31FDE690-4A68-463C-B4CB-73A54D22CB7A}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{39EC172E-74E4-45CE-8995-203C932FCF27}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{96040B61-1C68-4993-BBA2-B1A731DECFC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B08565AB-1386-471D-8EA4-303B02E80ACA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDFD56BE-0FA3-4432-A6C9-F627FB3F8D28}] => (Allow) LPort=8370
FirewallRules: [{13EFFC9C-CA9D-411D-A22A-8ED52D1F0019}] => (Allow) LPort=8370
FirewallRules: [TCP Query User{ED83D3B1-F452-41C6-A493-D49F0A860F40}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{30E033E5-CA92-4D24-BEC6-05900E394978}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F828FE34-75B1-433C-BF8B-A6F63F40872F}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6503FC0C-9128-42CE-8698-10FABF3EC69A}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
FirewallRules: [{17B06056-D6D1-4D30-B34C-A5D613B2A2FA}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FE4B3A79-BD1E-496F-BAED-7FE3B1522CA9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{00A64FBA-A160-4CDB-B57B-B9960BAAB10E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{D6EE380F-82BB-4410-BB4E-4B9418906478}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{E80CA939-AA7A-46AD-85AD-87F2C58EEE9E}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7325F904-EE62-42DF-8CCF-6B185EEDA34D}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
FirewallRules: [TCP Query User{2A51B55E-CB13-401B-8A86-B9466F6D7605}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{97EC9479-DACE-480B-BA0D-A502299358B4}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{0F7A79C0-B55B-4E60-A921-4377F638FF9C}C:\ruby22-x64\bin\ruby.exe] => (Allow) C:\ruby22-x64\bin\ruby.exe
FirewallRules: [UDP Query User{957FC184-8DF8-478E-9AE4-848154B71BAB}C:\ruby22-x64\bin\ruby.exe] => (Allow) C:\ruby22-x64\bin\ruby.exe
FirewallRules: [{CB86F4C5-5238-4175-AA0D-257EF29605F3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F981FB71-801F-49DF-84E7-CEFF87298E8D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1B90FADF-8AC7-4ADE-A81B-B230D2905005}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{211091A4-6E8A-435D-88B7-226AFE9EF59A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{40E90369-9F2D-4C1D-9365-5C38984B0A00}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{62448FCD-0FFF-48CE-8D05-EEE46BE90C22}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{2BB0F885-3360-4810-9CF5-D54A27C7479A}C:\pentavision\djmaxtrilogy\mainlauncher.exe] => (Allow) C:\pentavision\djmaxtrilogy\mainlauncher.exe
FirewallRules: [UDP Query User{0094F478-0D7E-4F89-AB54-594F3B012F63}C:\pentavision\djmaxtrilogy\mainlauncher.exe] => (Allow) C:\pentavision\djmaxtrilogy\mainlauncher.exe
FirewallRules: [TCP Query User{631293EE-B050-462F-A303-83EF1B4A9C72}C:\program files (x86)\ida pro advanced edition\idaq.exe] => (Allow) C:\program files (x86)\ida pro advanced edition\idaq.exe
FirewallRules: [UDP Query User{033A1D61-0B66-40F8-AB37-CBB4821FE366}C:\program files (x86)\ida pro advanced edition\idaq.exe] => (Allow) C:\program files (x86)\ida pro advanced edition\idaq.exe
FirewallRules: [{BC74FFD2-8394-44DC-B95B-7C947ECF427C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{311B7D12-8B37-4F48-80FA-6B82B13E2E9A}C:\program files (x86)\ida pro advanced edition\idaq.exe] => (Allow) C:\program files (x86)\ida pro advanced edition\idaq.exe
FirewallRules: [UDP Query User{1862A047-BE7D-4A13-BC06-4B3259885386}C:\program files (x86)\ida pro advanced edition\idaq.exe] => (Allow) C:\program files (x86)\ida pro advanced edition\idaq.exe
FirewallRules: [{6A93C196-8A3B-48B8-A874-F93F46E942B0}] => (Allow) C:\Program Files (x86)\IDA 6.5\idaq.exe
FirewallRules: [{2B527260-0E63-4178-93D2-BF0EF575C3DB}] => (Allow) C:\Program Files (x86)\IDA 6.5\idaq.exe
FirewallRules: [{E6D50BF6-16BD-4612-8B89-A5D92C3882EE}] => (Allow) C:\Program Files (x86)\IDA 6.5\idaq64.exe
FirewallRules: [{90E271D2-E223-4220-8DB7-BB5D41CDB9F6}] => (Allow) C:\Program Files (x86)\IDA 6.5\idaq64.exe
 
==================== Faulty Device Manager Devices =============
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2015 11:20:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/07/2015 10:49:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/07/2015 08:49:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1470
 
Start Time: 01d100a1b81c5474
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: aab27f1a-6c95-11e5-81cc-6036ddac5886
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (10/07/2015 08:48:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1354
 
Start Time: 01d100a186504187
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 7a829dd8-6c95-11e5-81cc-6036ddac5886
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (10/07/2015 08:45:52 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (10/06/2015 10:43:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program League of Legends.exe version 5.19.0.295 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 126c
 
Start Time: 01d1004d93c13a02
 
Termination Time: 4294967295
 
Application Path: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.107\deploy\League of Legends.exe
 
Report Id: fca43b93-6c40-11e5-81cb-6036ddac5886
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/06/2015 09:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: emulator-arm.exe, version: 0.0.0.0, time stamp: 0x55fc5a94
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0001df63
Faulting process id: 0x20
Faulting application start time: 0xemulator-arm.exe0
Faulting application path: emulator-arm.exe1
Faulting module path: emulator-arm.exe2
Report Id: emulator-arm.exe3
Faulting package full name: emulator-arm.exe4
Faulting package-relative application ID: emulator-arm.exe5
 
Error: (10/06/2015 08:47:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DaHua-UltraBook)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/07/2015 08:45:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (10/07/2015 08:44:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The BlueStacks Android Service service hung on starting.
 
Error: (10/07/2015 08:43:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMware Workstation Server service failed to start due to the following error: 
%%1053
 
Error: (10/07/2015 08:43:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VMware Workstation Server service to connect.
 
Error: (10/07/2015 08:42:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/07/2015 08:42:53 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/06/2015 11:39:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Error: (10/06/2015 11:39:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Error: (10/06/2015 11:39:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
 
CodeIntegrity:
===================================
  Date: 2015-10-07 13:56:37.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:56:36.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:56:20.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:56:19.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:37:02.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:37:01.926
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:37:01.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 13:37:00.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 10:47:10.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 10:47:09.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 66%
Total physical RAM: 6029.6 MB
Available physical RAM: 2027.72 MB
Total Virtual: 8845.6 MB
Available Virtual: 2534.17 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.01 GB) (Free:29.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Media) (Fixed) (Total:319.26 GB) (Free:20.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04A53D1B)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 07 October 2015 - 03:11 AM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
    C:\Users\DaHua\AppData\Roaming\Origin\update.vbe
    Task: {5EA8CFA2-A9BD-4C93-ADA7-0CA2F775292D} - System32\Tasks\Origin => C:\Users\DaHua\AppData\Roaming\Origin\update.vbe [2015-04-06] () 
    U3 kfxyiuog; \??\C:\Users\DaHua\AppData\Local\Temp\kfxyiuog.sys [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKU\S-1-5-21-296347350-2390120195-578779420-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2


Please download and install Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the output format.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 3

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:


  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.


Note: Do not forget to re-enable your antivirus application after running the above scan!


Edited by deeprybka, 07 October 2015 - 03:21 AM.
fixlist has been changed

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 sephrik

sephrik
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 07 October 2015 - 03:15 AM

Dexpot is what I use for multiple desktops on Windows, is it possible to keep it?



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 07 October 2015 - 03:22 AM

Dexpot is what I use for multiple desktops on Windows, is it possible to keep it?


Yes. Fixlist has been changed.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 sephrik

sephrik
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 07 October 2015 - 09:47 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by DaHua (2015-10-07 22:52:34) Run:1
Running from D:\Downloads
Loaded Profiles: DaHua (Available Profiles: DaHua & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Users\DaHua\AppData\Roaming\Origin\update.vbe
Task: {5EA8CFA2-A9BD-4C93-ADA7-0CA2F775292D} - System32\Tasks\Origin => C:\Users\DaHua\AppData\Roaming\Origin\update.vbe [2015-04-06] ()
U3 kfxyiuog; \??\C:\Users\DaHua\AppData\Local\Temp\kfxyiuog.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-296347350-2390120195-578779420-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe => moved successfully
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe" => File/Folder not found.
C:\Users\DaHua\AppData\Roaming\Origin\update.vbe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EA8CFA2-A9BD-4C93-ADA7-0CA2F775292D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EA8CFA2-A9BD-4C93-ADA7-0CA2F775292D}" => key removed successfully
C:\WINDOWS\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
kfxyiuog => service not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\S-1-5-21-296347350-2390120195-578779420-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
EmptyTemp: => 1.9 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 23:04:08 ====
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/8/2015
Scan Time: 8:48 AM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.07.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: DaHua
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 545580
Time Elapsed: 56 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 08 October 2015 - 03:39 AM

Ok. And step 3 please. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 sephrik

sephrik
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 08 October 2015 - 04:59 AM

Yes, sorry for the delayed response, step 3 took a while to complete.

 

C:\Double Dealing Character\Th14t.exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\FRST\Quarantine\C\Users\DaHua\AppData\Roaming\Origin\update.vbe.xBAD VBS/CoinMiner.AD trojan
C:\FRST\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe.xBAD VBS/CoinMiner.AD trojan
C:\Users\DaHua\AppData\Local\tmp023423.vbe VBS/CoinMiner.AD trojan
C:\Users\DaHua\AppData\Roaming\uTorrent\updates\3.3.2_30260.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\DaHua\Documents\WE Bridge Technologies\GCHA\manage\Files\File\20150123210536_asp%00.jpg ASP/Small.A trojan


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 08 October 2015 - 05:11 AM

Please post the log as instructed.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 sephrik

sephrik
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 08 October 2015 - 09:20 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9fae21c3300aa041a646c3fb25f3276b
# end=init
# utc_time=2015-10-08 02:52:53
# local_time=2015-10-08 09:52:53 (+0700, SE Asia Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 26132
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9fae21c3300aa041a646c3fb25f3276b
# end=updated
# utc_time=2015-10-08 03:01:52
# local_time=2015-10-08 10:01:52 (+0700, SE Asia Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9fae21c3300aa041a646c3fb25f3276b
# engine=26132
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-08 09:55:25
# local_time=2015-10-08 04:55:25 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 81 6707291 61594723 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 74788 8087690 0 0
# scanned=773004
# found=7
# cleaned=0
# scan_time=24801
sh=82DC564446050A1CCA0660CE299AF4C374F931F7 ft=1 fh=3702c3e38d6d8521 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Double Dealing Character\Th14t.exe"
sh=53F720FAD46C3C60F60172FF20DB45CCCF2E9F74 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\DaHua\AppData\Roaming\Origin\update.vbe.xBAD"
sh=53F720FAD46C3C60F60172FF20DB45CCCF2E9F74 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe.xBAD"
sh=CEF0CEC49430BAE838D8A1F4FECC7B50D6D3ACAC ft=1 fh=542e4608f08fabc7 vn="a variant of Win32/HackTool.Crack.DF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Ikaruga\steam_api.dll"
sh=53F720FAD46C3C60F60172FF20DB45CCCF2E9F74 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\Users\DaHua\AppData\Local\tmp023423.vbe"
sh=74712ED6E08446A8C370B97B7BDACFBC77259024 ft=1 fh=7a7b67fab9035070 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\DaHua\AppData\Roaming\uTorrent\updates\3.3.2_30260.exe"
sh=21C86ED7F02D5E79A4E3C141730E84E19F912555 ft=0 fh=0000000000000000 vn="ASP/Small.A trojan" ac=I fn="C:\Users\DaHua\Documents\WE Bridge Technologies\GCHA\manage\Files\File\20150123210536_asp%00.jpg"


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 09 October 2015 - 02:17 AM

Scan wasn't complete:

# end=stopped

 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png
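A way to check an ESET Online Scanner log the way the helper does in this reply (is the last `# end=` value final, and were detections only reported rather than cleaned?), as an added example that is neither part of this thread nor ESET's own tooling. The sample log is constructed in the layout posted in #11 (hashes and paths made up), and `finished` as the value of a completed scan is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the log posted above: hashes and paths are made up,
# the detection names are the ones ESET reported in this thread.
SAMPLE_LOG = r"""# product=EOS
# end=init
# product=EOS
# end=stopped
# remove_checked=false
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Roaming\Origin\update.vbe.xBAD"
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\Users\user\AppData\Local\tmp.vbe"
sh=0000000000000000000000000000000000000002 ft=1 fh=1111111111111111 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\user\AppData\Roaming\uTorrent\updates\setup.exe"
"""
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
DETECT_RE = re.compile(r'^sh=(?P<sha1>[0-9A-Fa-f]+) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
                       r'vn="(?P<name>[^"]*)" ac=(?P<action>\w+) fn="(?P<path>[^"]*)"$')

@dataclass
class EsetReport:
    fields: dict = field(default_factory=dict)      # '# key=value' headers, last block wins
    detections: list = field(default_factory=list)  # one dict per 'sh=...' record

def parse_eset_log(text: str) -> EsetReport:
    rep = EsetReport()
    for line in text.splitlines():
        if (m := HEADER_RE.match(line.strip())):
            rep.fields[m.group(1)] = m.group(2).strip()   # later blocks override earlier ones
        elif (d := DETECT_RE.match(line.strip())):
            rep.detections.append(d.groupdict())
    return rep

def assess(rep: EsetReport) -> list:
    """Points a helper would raise before accepting the log (cf. '# end=stopped' above)."""
    issues, end = [], rep.fields.get("end")
    if end != "finished":  # assumption: 'finished' is what a completed scan writes
        issues.append(f"scan not complete (end={end})")
    found, cleaned = int(rep.fields.get("found", 0)), int(rep.fields.get("cleaned", 0))
    if found and not cleaned:  # scan was run in report-only mode
        issues.append(f"{found} found, {cleaned} cleaned (remove_checked={rep.fields.get('remove_checked')})")
    for d in rep.detections:
        if "\\FRST\\Quarantine\\" in d["path"]:   # already neutralised by the FRST fix
            issues.append(f"already quarantined: {d['path']}")
        elif "trojan" in d["name"]:
            issues.append(f"active trojan: {d['path']}")
        else:                                      # PUA / unsafe app: needs a decision, not a panic
            issues.append(f"review: {d['name']} at {d['path']}")
    return issues
```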

#13 sephrik

sephrik
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 09 October 2015 - 02:26 AM

I was performing the scan at work as I didn't expect it to take so long, so unfortunately had to stop it early.

 

I will redo it this weekend when I have more time to leave it alone. For now is there anything I should do with the current log?



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 09 October 2015 - 02:43 AM

I will redo it this weekend when I have more time to leave it alone. For now is there anything I should do with the current log?


No.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:36 PM

Posted 14 October 2015 - 03:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer



