chromebrowser.exe


  • This topic is locked
19 replies to this topic

#1 Chi Hao


Posted 03 November 2015 - 09:55 AM

Hey there,

 

Today I've noticed that my PC has a chromebrowser.exe running in the background. I do not have Chrome on my PC so I suspect it's a virus. I cannot remove it so I hope you guys can help me out. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Chi Hao (administrator) on DESKTOP-M2MK112 (03-11-2015 15:52:01)
Running from C:\Users\Chi Hao\Desktop
Loaded Profiles: Chi Hao (Available Profiles: Chi Hao)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521472 2015-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [chromebrowser] => "C:\Windows\chromebrowser.exe"
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Chi Hao\AppData\Roaming\Auto Clicker\AutoClicker.exe [120304 2015-03-29] (MurGee.com)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [Spotify Web Helper] => C:\Users\Chi Hao\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [Spotify] => C:\Users\Chi Hao\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\RunOnce: [Uninstall C:\Users\Chi Hao\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Chi Hao\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\MountPoints2: F - "F:\setup.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-03]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{966d0704-fa42-481c-b904-782b404d58ae}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-02] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Chi Hao\AppData\Roaming\Mozilla\Firefox\Profiles\6cqbfw3i.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-10-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-02] (Dropbox, Inc.)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [34984 2015-09-03] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-08] (Rivet Networks) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4048336 2015-08-13] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2285008 2015-09-07] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-28] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2015-02-10] (Micro-Star INT'L CO., LTD.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19216 2015-07-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
S3 cpuz138; C:\Users\Chi Hao\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2015-09-30] (CPUID)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-11] (Disc Soft Ltd)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-09-30] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-30] (Intel Corporation)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-24] (Intel Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 15:52 - 2015-11-03 15:52 - 00018025 _____ C:\Users\Chi Hao\Desktop\FRST.txt
2015-11-03 15:50 - 2015-11-03 15:52 - 00000000 ____D C:\FRST
2015-11-03 15:49 - 2015-11-03 15:49 - 02198016 _____ (Farbar) C:\Users\Chi Hao\Desktop\FRST64.exe
2015-11-03 15:43 - 2015-11-03 15:43 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-03 15:42 - 2015-11-03 15:42 - 02870984 _____ (ESET) C:\Users\Chi Hao\Desktop\esetsmartinstaller_enu.exe
2015-11-03 15:35 - 2015-11-03 15:35 - 00016148 _____ C:\Windows\system32\DESKTOP-M2MK112_Chi Hao_HistoryPrediction.bin
2015-11-03 15:18 - 2015-11-03 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-03 15:16 - 2015-11-03 15:16 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-03 15:15 - 2015-11-03 15:35 - 00000378 ____H C:\Windows\Tasks\YHYOYECBLBONYJAV.job
2015-11-03 15:15 - 2015-11-03 15:15 - 00003458 _____ C:\Windows\System32\Tasks\YHYOYECBLBONYJAV
2015-11-03 15:15 - 2015-11-03 15:15 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2015-11-03 15:14 - 2015-11-03 15:35 - 00001056 _____ C:\Windows\Tasks\RKDtiZu7NRNNRUJdmvAt3i.job
2015-11-03 15:14 - 2015-11-03 15:19 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-03 15:14 - 2015-11-03 15:15 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Opera Software
2015-11-03 15:14 - 2015-11-03 15:15 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Opera Software
2015-11-03 15:14 - 2015-11-03 15:15 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-03 15:14 - 2015-11-03 15:14 - 00004200 _____ C:\Windows\System32\Tasks\RKDtiZu7NRNNRUJdmvAt3i
2015-11-03 15:14 - 2015-11-03 15:14 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\DivX
2015-11-03 15:14 - 2015-11-03 15:14 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\globalUpdate
2015-11-03 15:14 - 2015-11-03 15:14 - 00000000 ____D C:\Program Files\DivX
2015-11-03 15:14 - 2015-07-10 12:02 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-11-03 15:13 - 2015-11-03 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-11-03 15:13 - 2015-11-03 15:13 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-03 15:13 - 2015-11-03 15:13 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\ComBroadcaster
2015-11-03 15:12 - 2015-11-03 15:14 - 00000000 ____D C:\ProgramData\DivX
2015-11-03 14:59 - 2015-11-03 15:25 - 00001256 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2015-11-03 14:59 - 2015-11-03 15:09 - 00000000 ____D C:\Users\Chi Hao\Downloads\PopcornTime
2015-11-03 14:58 - 2015-11-03 14:59 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-11-03 14:57 - 2015-11-03 14:58 - 48332813 _____ (Popcorn Time ) C:\Users\Chi Hao\Desktop\PopcornTime-latest.exe
2015-11-03 00:27 - 2015-11-03 15:25 - 00000900 _____ C:\Users\Chi Hao\Desktop\trine1_launcher - Shortcut.lnk
2015-11-03 00:27 - 2015-11-03 15:25 - 00000889 _____ C:\Users\Chi Hao\Desktop\trine1_32bit - Shortcut.lnk
2015-11-03 00:27 - 2015-11-03 00:27 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Trine1
2015-11-03 00:24 - 2015-11-03 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine Enchanted Edition
2015-10-30 00:21 - 2015-10-28 00:38 - 21871616 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-10-30 00:21 - 2015-10-28 00:16 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-10-30 00:21 - 2015-10-21 13:45 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-10-30 00:21 - 2015-10-21 13:44 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-10-30 00:21 - 2015-10-21 13:43 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-10-30 00:21 - 2015-10-21 13:39 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-30 00:21 - 2015-10-21 13:00 - 24595968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-30 00:21 - 2015-10-21 13:00 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-10-30 00:21 - 2015-10-21 12:59 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-10-30 00:21 - 2015-10-21 12:57 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-10-30 00:21 - 2015-10-21 12:52 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-10-30 00:21 - 2015-10-21 12:50 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-10-30 00:21 - 2015-10-21 12:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-30 00:21 - 2015-10-21 12:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-10-30 00:21 - 2015-10-21 12:46 - 02179584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-10-30 00:21 - 2015-10-21 12:46 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-30 00:21 - 2015-10-21 12:44 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-10-30 00:21 - 2015-10-21 12:44 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-10-30 00:21 - 2015-10-21 12:43 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2015-10-30 00:21 - 2015-10-21 12:42 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-10-30 00:21 - 2015-10-21 12:41 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-10-30 00:21 - 2015-10-21 12:40 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-10-30 00:21 - 2015-10-21 12:38 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-10-30 00:21 - 2015-10-21 06:53 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-10-30 00:21 - 2015-10-21 06:49 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-30 00:21 - 2015-10-21 06:13 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-30 00:21 - 2015-10-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-10-30 00:21 - 2015-10-21 06:08 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-10-30 00:21 - 2015-10-21 06:05 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-10-30 00:21 - 2015-10-21 06:03 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-30 00:21 - 2015-10-21 06:03 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 00:21 - 2015-10-21 05:58 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-10-30 00:21 - 2015-10-21 05:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-10-30 00:21 - 2015-10-21 05:55 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-10-21 19:31 - 2015-10-23 00:54 - 00024648 _____ C:\Users\Chi Hao\Desktop\footy.xlsx
2015-10-21 18:05 - 2015-10-21 18:05 - 00000000 __SHD C:\ProgramData\icsxml
2015-10-21 18:05 - 2015-10-21 18:05 - 00000000 __SHD C:\ProgramData\DIBsection
2015-10-21 18:05 - 2015-10-21 18:05 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Maverick Software
2015-10-21 18:04 - 2015-10-21 18:04 - 00000000 __SHD C:\Users\Chi Hao\AppData\Local\icsxml
2015-10-21 18:04 - 2015-10-21 18:04 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Maverick Software
2015-10-21 18:04 - 2015-10-21 18:04 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Maverick_Software
2015-10-21 18:03 - 2015-11-03 15:25 - 00003111 _____ C:\Users\Chi Hao\Desktop\SoccerStato.lnk
2015-10-21 18:03 - 2015-11-03 15:25 - 00003065 _____ C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\SoccerStato.lnk
2015-10-21 18:03 - 2015-10-21 18:03 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoccerStato
2015-10-21 18:03 - 2015-10-21 18:03 - 00000000 ____D C:\ProgramData\Maverick Software
2015-10-21 18:03 - 2015-10-21 18:03 - 00000000 ____D C:\Program Files (x86)\Maverick Software
2015-10-21 16:13 - 2015-10-21 16:13 - 00000000 _____ C:\Users\Chi Hao\Sti_Trace.log
2015-10-21 16:11 - 2015-10-21 16:11 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-21 16:11 - 2015-10-21 16:11 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Canon
2015-10-21 16:10 - 2015-10-21 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-21 16:10 - 2015-10-21 16:10 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-21 16:09 - 2015-10-21 16:09 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-10-21 16:09 - 2015-10-21 16:09 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-21 16:09 - 2015-10-21 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
2015-10-21 16:09 - 2012-03-14 04:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAA.DLL
2015-10-21 00:47 - 2015-10-21 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 01:25 - 2015-10-21 16:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 03:11 - 2015-10-15 03:11 - 00079322 _____ C:\Users\Chi Hao\Desktop\Jane00_99.MassEffectSave
2015-10-14 14:56 - 2015-10-10 08:12 - 00078528 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 14:56 - 2015-10-06 04:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-10-14 14:56 - 2015-10-06 03:46 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 14:56 - 2015-10-01 05:01 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 14:56 - 2015-10-01 05:01 - 01123400 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 14:56 - 2015-10-01 05:01 - 01018568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 14:56 - 2015-10-01 05:01 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 14:56 - 2015-10-01 05:00 - 08020320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 14:56 - 2015-10-01 04:03 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 14:56 - 2015-09-25 05:01 - 02573768 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-14 14:56 - 2015-09-25 05:01 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-10-14 14:56 - 2015-09-25 04:56 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 14:56 - 2015-09-25 04:52 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2015-10-14 14:56 - 2015-09-25 04:33 - 01997336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-14 14:56 - 2015-09-25 04:26 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 14:56 - 2015-09-25 04:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2015-10-14 14:56 - 2015-09-25 04:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2015-10-14 14:56 - 2015-09-25 04:09 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 14:56 - 2015-09-25 04:07 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-10-14 14:56 - 2015-09-25 04:04 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 14:56 - 2015-09-25 04:04 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-10-14 14:56 - 2015-09-25 04:03 - 00796160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2015-10-14 14:56 - 2015-09-25 04:03 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 14:56 - 2015-09-25 04:02 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-10-14 14:56 - 2015-09-25 04:02 - 00949248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 14:56 - 2015-09-25 04:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:56 - 2015-09-25 04:01 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 14:56 - 2015-09-25 04:01 - 03586560 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-10-14 14:56 - 2015-09-25 04:00 - 01423872 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-10-14 14:56 - 2015-09-25 04:00 - 01382400 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-10-14 14:56 - 2015-09-25 04:00 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-10-14 14:56 - 2015-09-25 04:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 01205248 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2015-10-14 14:56 - 2015-09-25 03:58 - 01871360 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-14 14:56 - 2015-09-25 03:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2015-10-14 14:56 - 2015-09-25 03:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 14:56 - 2015-09-25 03:37 - 00766976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 14:56 - 2015-09-25 03:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2015-10-14 14:56 - 2015-09-25 03:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:56 - 2015-09-25 03:36 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 14:56 - 2015-09-25 03:36 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2015-10-14 14:56 - 2015-09-25 03:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2015-10-14 14:56 - 2015-09-25 03:32 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-14 14:56 - 2015-09-25 03:32 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-10-13 01:33 - 2015-11-03 15:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-11 23:35 - 2015-10-11 23:35 - 00000000 ____D C:\Users\Chi Hao\Documents\BioWare
2015-10-11 23:34 - 2015-11-03 15:25 - 00001147 _____ C:\Users\Chi Hao\Desktop\MassEffect - Shortcut.lnk
2015-10-11 23:31 - 2015-10-11 23:31 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\PowerISO
2015-10-11 23:30 - 2015-10-11 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-10-11 23:30 - 2015-10-11 23:30 - 00000000 ____D C:\Program Files\PowerISO
2015-10-11 23:30 - 2015-06-08 03:59 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2015-10-11 23:27 - 2015-10-11 23:27 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-10-11 23:27 - 2015-10-11 23:27 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Disc_Soft_Ltd
2015-10-11 23:26 - 2015-10-11 23:26 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-10-11 23:16 - 2015-10-11 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2015-10-11 23:12 - 2015-10-11 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-11 23:11 - 2015-10-11 23:11 - 00113953 _____ C:\Windows\DirectX.log
2015-10-11 23:11 - 2015-10-11 23:11 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2015-10-11 23:11 - 2006-09-28 15:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-10-11 23:11 - 2006-09-28 15:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-10-11 23:11 - 2006-09-28 15:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-10-11 23:11 - 2006-09-28 15:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-10-11 23:11 - 2006-09-28 15:04 - 00091928 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-10-11 23:11 - 2006-09-28 15:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-10-11 23:11 - 2006-09-28 15:03 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-10-11 23:11 - 2006-09-28 15:03 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-10-11 23:11 - 2006-07-28 08:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-10-11 23:11 - 2006-07-28 08:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-10-11 23:11 - 2006-07-28 08:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-10-11 23:11 - 2006-07-28 08:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-10-11 23:11 - 2006-05-31 06:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-10-11 23:11 - 2006-05-31 06:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-10-11 23:11 - 2006-03-31 11:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-10-11 23:11 - 2006-03-31 11:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-10-11 23:11 - 2006-03-31 11:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-10-11 23:11 - 2006-03-31 11:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-10-11 23:11 - 2006-03-31 11:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-10-11 23:11 - 2006-03-31 11:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-10-11 23:11 - 2006-02-03 07:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-10-11 23:11 - 2006-02-03 07:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-10-11 23:11 - 2006-02-03 07:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-10-11 23:11 - 2006-02-03 07:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-10-11 23:11 - 2006-02-03 07:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-10-11 23:11 - 2006-02-03 07:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-10-11 23:11 - 2005-12-05 17:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-10-11 23:11 - 2005-12-05 17:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-10-11 23:11 - 2005-07-22 18:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-10-11 23:11 - 2005-07-22 18:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-10-11 23:11 - 2005-05-26 14:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-10-11 23:11 - 2005-05-26 14:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-10-11 23:11 - 2005-03-18 16:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-10-11 23:11 - 2005-03-18 16:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-10-11 23:11 - 2005-02-05 18:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-10-11 23:11 - 2005-02-05 18:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-10-11 23:10 - 2015-10-11 23:26 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\DAEMON Tools Lite
2015-10-11 23:09 - 2015-10-11 23:10 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-10-11 16:22 - 2015-10-11 16:24 - 308853852 _____ C:\Users\Chi Hao\Desktop\CDY.15.15.rmvb
2015-10-11 16:22 - 2015-10-11 16:24 - 305660896 _____ C:\Users\Chi Hao\Desktop\CDY.15.17.rmvb
2015-10-11 16:22 - 2015-10-11 16:24 - 295128636 _____ C:\Users\Chi Hao\Desktop\CDY.15.16.rmvb
2015-10-11 16:22 - 2015-10-11 16:23 - 305333218 _____ C:\Users\Chi Hao\Desktop\CDY.15.14.rmvb
2015-10-07 16:36 - 2015-10-07 16:37 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2015-10-07 16:32 - 2015-10-07 16:32 - 00000000 ____D C:\Program Files\Realtek
2015-10-07 16:32 - 2015-08-27 22:36 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 03233472 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 02988288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 01976560 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 01744600 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 01347808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00645464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00576280 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00533904 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00410040 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00388840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00332088 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00323240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00223496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00216352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00211064 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00196712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00167728 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00112512 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 04589312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-10-07 16:32 - 2015-08-27 22:33 - 02999024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 02711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-10-07 16:32 - 2015-08-27 22:33 - 02051704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 01761024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 00041096 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2015-10-07 16:32 - 2015-08-27 22:33 - 00025224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-10-07 16:32 - 2015-08-27 19:20 - 03686140 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-10-07 16:31 - 2015-06-09 00:13 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-10-07 06:17 - 2015-10-16 04:10 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-07 06:17 - 2015-10-16 04:10 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-07 06:06 - 2013-02-08 10:04 - 00000000 _____ C:\RAMDiskImage.img
2015-10-05 22:45 - 2015-10-05 22:45 - 00248320 _____ (CANON INC.) C:\Windows\system32\CNMIUAA.DLL
2015-10-05 22:45 - 2015-10-05 22:45 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-10-05 22:45 - 2012-03-14 04:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAA.DLL
2015-10-05 22:44 - 2015-10-05 22:44 - 00103424 _____ (Canon Inc.) C:\Windows\system32\CNC280O.dll
2015-10-05 22:44 - 2012-07-04 10:55 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC280C.dll
2015-10-05 22:44 - 2012-07-04 10:55 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC280I.dll
2015-10-05 22:44 - 2012-07-04 10:29 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC280U.dll
2015-10-05 22:44 - 2010-03-18 18:26 - 00348672 _____ (CANON INC.) C:\Windows\system32\CNC280L.dll
2015-10-05 22:44 - 2010-03-18 18:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC280L.dll
2015-10-05 22:44 - 2009-11-13 13:38 - 00012800 _____ C:\Windows\SysWOW64\CNC1746D.TBL
2015-10-05 22:44 - 2008-08-25 17:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-10-05 22:44 - 2008-08-25 17:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 15:46 - 2015-10-02 16:41 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-03 15:41 - 2015-09-25 05:08 - 00876942 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-03 15:35 - 2015-10-02 16:40 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-03 15:35 - 2015-09-30 13:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-03 15:35 - 2015-09-25 05:01 - 00034960 _____ C:\Windows\PFRO.log
2015-11-03 15:35 - 2015-07-10 13:22 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-11-03 15:35 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-03 15:35 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\sru
2015-11-03 15:35 - 2015-07-10 10:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2015-11-03 15:30 - 2015-10-02 21:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-03 15:26 - 2015-07-10 14:12 - 00000000 ____D C:\Windows\OCR
2015-11-03 15:26 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-03 15:25 - 2015-10-02 17:54 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-03 15:25 - 2015-10-02 17:54 - 00002118 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-03 15:25 - 2015-10-02 17:43 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-03 15:25 - 2015-10-02 17:43 - 00001866 _____ C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-11-03 15:25 - 2015-10-02 17:43 - 00001860 _____ C:\Users\Chi Hao\Desktop\Spotify.lnk
2015-11-03 15:25 - 2015-10-02 16:42 - 00001283 _____ C:\Users\Chi Hao\Desktop\Dropbox.lnk
2015-11-03 15:25 - 2015-10-02 16:02 - 00000611 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-11-03 15:25 - 2015-10-02 16:02 - 00000611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-11-03 15:25 - 2015-10-02 15:59 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Azureus
2015-11-03 15:25 - 2015-10-02 15:58 - 00001161 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-03 15:25 - 2015-10-02 15:57 - 00000901 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-03 15:25 - 2015-10-02 15:05 - 00000754 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2015-11-03 15:25 - 2015-09-30 14:20 - 00002094 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2015-11-03 15:25 - 2015-09-30 13:17 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-03 15:25 - 2015-09-30 13:17 - 00001206 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-03 15:25 - 2015-09-30 00:18 - 00001964 _____ C:\Users\Chi Hao\Desktop\League of Legends.lnk
2015-11-03 15:25 - 2015-09-25 05:07 - 00002334 _____ C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-03 15:19 - 2015-10-02 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-03 15:19 - 2015-10-02 15:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-03 14:59 - 2015-09-25 05:06 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\VirtualStore
2015-11-02 18:56 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-11-02 01:08 - 2015-10-02 15:03 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Battle.net
2015-11-01 17:47 - 2015-10-02 17:54 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 20:01 - 2009-12-01 09:01 - 00328926 _____ C:\Users\Chi Hao\Desktop\toto.xlsx
2015-10-30 13:35 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-10-30 00:38 - 2009-08-15 15:14 - 00000974 _____ C:\Users\Chi Hao\Desktop\Games to dl.txt
2015-10-27 22:09 - 2015-10-02 17:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-21 19:07 - 2015-09-25 05:06 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Packages
2015-10-21 16:13 - 2015-09-25 05:06 - 00000000 ____D C:\Users\Chi Hao
2015-10-21 16:12 - 2015-09-30 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-21 00:47 - 2015-10-02 16:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-17 14:33 - 2015-10-02 03:46 - 00000000 ____D C:\Windows\system32\MRT
2015-10-17 14:32 - 2015-10-02 03:46 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 22:37 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\NDF
2015-10-14 14:30 - 2015-10-02 21:30 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-11 20:14 - 2015-10-02 16:40 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Dropbox
2015-10-07 16:32 - 2015-09-30 13:57 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-10-07 16:32 - 2015-09-30 13:14 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-10-07 16:32 - 2015-09-30 13:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-07 16:32 - 2015-07-10 13:20 - 00010170 _____ C:\Windows\setupact.log
2015-10-07 06:16 - 2015-07-10 13:20 - 00340032 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-07 06:13 - 2015-07-10 14:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\system32\F12
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\oobe
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\Provisioning
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\L2Schemas
2015-10-07 06:13 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-07 06:13 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Dism
2015-10-07 06:07 - 2015-09-30 14:20 - 00000000 ____D C:\MSI
2015-10-07 06:06 - 2015-09-30 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-10-07 06:06 - 2015-09-30 14:20 - 00000000 ____D C:\Program Files (x86)\MSI
2015-10-05 22:45 - 2015-07-10 12:04 - 00000000 __RSD C:\Windows\Media
2015-10-05 22:38 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-10-05 09:50 - 2015-10-02 15:58 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-10-02 15:58 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-10-02 15:58 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i
2015-09-30 13:06 - 2015-09-30 13:06 - 0000000 _____ () C:\Users\Chi Hao\AppData\Local\Driver_LOM_8161Present.flag
2015-11-03 15:16 - 2015-11-03 15:16 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Chi Hao\AppData\Local\Temp\7za.exe
C:\Users\Chi Hao\AppData\Local\Temp\Command Center.exe
C:\Users\Chi Hao\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Chi Hao\AppData\Local\Temp\DivXI.exe
C:\Users\Chi Hao\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpddevtv.dll
C:\Users\Chi Hao\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgziahi.dll
C:\Users\Chi Hao\AppData\Local\Temp\dxdiag.exe
C:\Users\Chi Hao\AppData\Local\Temp\Fix.exe
C:\Users\Chi Hao\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chi Hao\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Chi Hao\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Chi Hao\AppData\Local\Temp\nvStInst.exe
C:\Users\Chi Hao\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Chi Hao\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-26 00:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chi Hao (2015-11-03 15:52:13)
Running from C:\Users\Chi Hao\Desktop
Windows 10 Pro (X64) (2015-09-25 04:05:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-72143614-443022322-935499458-500 - Administrator - Disabled)
Chi Hao (S-1-5-21-72143614-443022322-935499458-1001 - Administrator - Enabled) => C:\Users\Chi Hao
DefaultAccount (S-1-5-21-72143614-443022322-935499458-503 - Limited - Disabled)
Guest (S-1-5-21-72143614-443022322-935499458-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Auto Clicker v1.9 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.9 - MurGee.com)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Corsair Hydro Series 7289 USB Device (Driver Removal) (HKLM-x32\...\HYDROS7289&1B1C&0C02) (Version:  - Corsair Components, Inc.)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 3.2.5695 - Corsair)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 nl) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 nl)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.02 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.20 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)
MSI® Intel® Extreme Tuning Utility (HKLM-x32\...\{482c7431-75e2-4124-a453-6a294cd2c6a4}) (Version: 6.0.2.101 - Intel Corporation)
MSI® Intel® Extreme Tuning Utility (x32 Version: 6.0.2.101 - Intel Corporation) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SoccerStato (HKLM-x32\...\{299646F1-4EEF-4ACE-89D5-CDBB00BE61CA}) (Version: 2.0.0 - Maverick Software)
Spotify (HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Trine Enchanted Edition (HKLM-x32\...\Trine Enchanted Edition_is1) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-10-2015 16:32:21 Installed Realtek High Definition Audio Driver
11-10-2015 23:11:00 Installed DirectX
16-10-2015 13:50:05 Windows Update
20-10-2015 19:28:51 Windows Update
30-10-2015 13:34:52 Windows Update
03-11-2015 15:18:03 Removed Microsoft Silverlight

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FFD333-6630-4032-8F42-49FAE2FC189A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-02] (Dropbox, Inc.)
Task: {3298C996-D24F-4C63-961E-27FA6C167447} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-06] (Intel Corporation)
Task: {43238097-1946-44F3-91F8-83220DA9ADF3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-02] (Dropbox, Inc.)
Task: {4F2E616B-37B7-44C5-8DCA-69347E5F1663} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {65667FD9-894D-451C-92A5-357B065BAF87} - \bvxvgxvyy -> No File <==== ATTENTION
Task: {70050E35-68A6-4C4B-97D7-F2EE703C96F4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-17] (Microsoft Corporation)
Task: {76589784-22E2-4CD3-9341-41017B332021} - System32\Tasks\YHYOYECBLBONYJAV => C:\ProgramData\Service3232\Service3232.exe <==== ATTENTION
Task: {7E9649A0-59B1-476B-B159-FC1D2FB8FA77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {9E059627-64C5-4DD3-88B7-C420D6097571} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {BBA541A2-3E1F-410D-8531-87A9DE056E09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {BC0E9A89-6809-481F-8789-FDE958B84DB3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-27] (Microsoft Corporation)
Task: {CC0CADD8-7718-4251-996E-3887EBCA1D97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D46344DA-5537-41CA-B4AF-72A32888B63F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {E394CE5D-C159-4B03-8769-565405A5451B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {E5E83D86-ECBE-4BF6-8927-9D0C4328E075} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe [2015-08-05] ()
Task: {EE701502-25BF-4E01-B58B-FA9AEAFB7429} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {F81C4E58-F039-4377-9E7C-EB0682469E20} - System32\Tasks\RKDtiZu7NRNNRUJdmvAt3i => C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\RKDtiZu7NRNNRUJdmvAt3i.job => C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i.exe <==== ATTENTION
Task: C:\Windows\Tasks\YHYOYECBLBONYJAV.job => C:\ProgramData\Service3232\Service3232.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-02 03:44 - 2015-07-15 03:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-09-30 13:09 - 2015-09-13 23:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-02 03:45 - 2015-08-11 10:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-10-02 17:53 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-02 03:45 - 2015-09-17 07:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-02 03:45 - 2015-09-17 07:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-27 22:09 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-02 03:45 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 03:45 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 03:44 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 03:45 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 03:45 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-30 14:20 - 2005-07-18 21:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-09-30 14:14 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-27 22:09 - 2015-09-01 13:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-72143614-443022322-935499458-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "chromebrowser"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A805EBD2-8A2B-40C6-9E81-D20786600BD7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{973359DB-F86B-412E-BD19-BDC9E9B3B924}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7EF98BE-2478-4C14-9587-CA43FF8734D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C1981970-2B63-4203-9B56-51B5FFF53EEC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99500F4B-568B-41ED-BA61-A0E1CBBE742F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AEB199D0-0212-4905-B2E5-32133BE0A5D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EB26E9C5-A5A9-42B9-9C78-B45E6D856285}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D63E1FD1-73D6-48D1-97A7-AD91798509CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{452B7702-23FB-432A-B9AD-C56DAB43F682}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C94FFD83-31AA-405A-A541-FEBC336A22A1}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [{D18B2221-73F0-4E8E-A801-D63D7187F4E6}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [TCP Query User{811F2AF7-770F-469F-98E2-60E4D81EDBEE}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9D03C1AD-4561-41C5-A4FF-612239DC0726}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe
FirewallRules: [{87CBD2FB-6BF6-4324-B662-C43F76E25F0E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DF01891F-06D9-4521-BA86-F6FF1FC262E0}C:\users\chi hao\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chi hao\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55A81C47-497E-4215-8DA4-4C4234EA1A5C}C:\users\chi hao\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chi hao\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8CFB84A8-DFF7-4BE6-B677-2098657A664D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{064F3FEC-F894-4777-AEB8-31B2244DC27B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5F1F24AB-567D-444A-8D5F-1E3A87906BDC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1A74C07F-B7CD-4662-AFE0-FFEC32E59237}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1087C3A6-2C55-4AEA-8BCF-D48401D64A8C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0D5D85BB-4DB7-496F-9E13-31D8E9C4B7AD}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [{D9B6D4AE-7A4E-47F1-B8C3-808F4B2134EA}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [{E954FA68-2353-49A5-AEEB-C38880F5E0D2}] => (Allow) E:\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{93AA9517-BB7E-44D2-8E37-610DA08BD765}] => (Allow) E:\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{8D255255-5B75-44E5-B9EE-E852452D1C90}] => (Allow) E:\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{A1D35C45-12F4-4558-A351-532AFB2C4B2E}] => (Allow) E:\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{AB2D44D7-D331-4877-BA05-52AF6A0AC004}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D78439A4-3404-40DB-9587-0244CBF2F67E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DF44C2BA-3296-420E-BFDB-A82B67C607AF}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F587006A-78C2-4379-863B-4CB88CC537D0}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{28EEFF20-B345-4E13-8E13-220A83811E80}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0BE377D7-1147-454E-9F6F-F077402CE35A}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A38000D3-D3A5-4E77-A180-719AAFAE9C9F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2015 03:43:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/03/2015 03:43:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/03/2015 03:42:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/03/2015 03:28:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program irsetup.exe version 9.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 12e0

Start Time: 01d11643c62e5bdb

Termination Time: 4294967295

Application Path: C:\Users\CHIHAO~1\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Report Id: 1dae0f13-8237-11e5-9bcd-d8cb8a773444

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2015 03:25:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-M2MK112)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2015 03:18:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/03/2015 03:17:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program irsetup.exe version 9.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f44

Start Time: 01d11641afbbe10c

Termination Time: 4294967295

Application Path: C:\Users\CHIHAO~1\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Report Id: 96363f6e-8235-11e5-9bcc-d8cb8a773444

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2015 03:17:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program InstallManager.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ff4

Start Time: 01d1164246d56710

Termination Time: 4294967295

Application Path: C:\Users\CHIHAO~1\AppData\Local\Temp\is-9RMVS.tmp\InstallManager.exe

Report Id: 93a29859-8235-11e5-9bcc-d8cb8a773444

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2015 03:14:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.10240.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 201c

Start Time: 01d11641a3ac95f5

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 2cefc55c-8235-11e5-9bcc-d8cb8a773444

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2015 03:14:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DivXI.exe version 2.7.0.93 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b80

Start Time: 01d11641af95f22b

Termination Time: 4294967295

Application Path: C:\Users\CHIHAO~1\AppData\Local\Temp\DivXI.exe

Report Id: 28598bb0-8235-11e5-9bcc-d8cb8a773444

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (11/03/2015 03:51:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:51:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:43:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/03/2015 03:43:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys

Error: (11/03/2015 03:43:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/03/2015 03:43:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys

Error: (11/03/2015 03:43:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/03/2015 03:43:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys

Error: (11/03/2015 03:43:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/03/2015 03:43:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2015-11-03 15:12:17.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 13%
Total physical RAM: 16332.61 MB
Available physical RAM: 14110.57 MB
Total Virtual: 18764.61 MB
Available Virtual: 16420.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.33 GB) (Free:189.61 GB) NTFS
Drive d: (Western Digital Red) (Fixed) (Total:2794.39 GB) (Free:1592.89 GB) NTFS
Drive e: (Western Digital Black) (Fixed) (Total:1862.89 GB) (Free:1821.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:13 PM

Posted 03 November 2015 - 02:05 PM

Hello Chi Hao, and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
   
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:13 PM

Posted 03 November 2015 - 03:59 PM

Hi Chi Hao,
 
Please do the following,
 
Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • Popcorn Time
  • C:\Program Files (x86)\Popcorn Time

After completing uninstalls, please manually reboot your machine!
If you get a message like "An error occurred while trying to uninstall", just press Yes.
If you are unable to uninstall all programs, please inform me, but continue with the other steps.
 
Step 1:
FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware software.

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 

 


 


#4 Chi Hao

Chi Hao
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE

Posted 03 November 2015 - 04:25 PM

Hi Yilmaz,

Here are the logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chi Hao (2015-11-03 22:06:02) Run:1
Running from C:\Users\Chi Hao\Desktop
Loaded Profiles: Chi Hao (Available Profiles: Chi Hao)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
HKLM-x32\...\Run: [chromebrowser] => "C:\Windows\chromebrowser.exe"
C:\Program Files (x86)\Popcorn Time\Updater.exe
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\MountPoints2: F - "F:\setup.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 cpuz138; C:\Users\Chi Hao\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2015-09-30] (CPUID)
2015-11-03 15:16 - 2015-11-03 15:16 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-03 15:15 - 2015-11-03 15:35 - 00000378 ____H C:\Windows\Tasks\YHYOYECBLBONYJAV.job
2015-11-03 15:15 - 2015-11-03 15:15 - 00003458 _____ C:\Windows\System32\Tasks\YHYOYECBLBONYJAV
2015-11-03 15:15 - 2015-11-03 15:15 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2015-11-03 15:14 - 2015-11-03 15:35 - 00001056 _____ C:\Windows\Tasks\RKDtiZu7NRNNRUJdmvAt3i.job
C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i
2015-11-03 15:14 - 2015-11-03 15:19 - 00000000 ____D C:\Program Files (x86)\globalUpdate
C:\Windows\System32\Tasks\RKDtiZu7NRNNRUJdmvAt3i
C:\Users\Chi Hao\AppData\Local\globalUpdate
C:\Windows\system32\Drivers\etc\hp.bak
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Chi Hao\AppData\Local\ComBroadcaster
C:\Users\Public\Desktop\Popcorn Time.lnk
C:\Users\Chi Hao\Downloads\PopcornTime
2015-11-03 14:58 - 2015-11-03 14:59 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-11-03 14:57 - 2015-11-03 14:58 - 48332813 _____ (Popcorn Time ) C:\Users\Chi Hao\Desktop\PopcornTime-latest.exe
2015-11-03 00:27 - 2015-11-03 00:27 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Trine1
C:\Users\Chi Hao\AppData\Roaming\PowerISO
C:\Users\Chi Hao\AppData\Roaming\Azureus
C:\Users\Chi Hao\AppData\Local\Driver_LOM_8161Present.flag
C:\Users\Chi Hao\AppData\Local\Temp\7za.exe
C:\Users\Chi Hao\AppData\Local\Temp\Command Center.exe
C:\Users\Chi Hao\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Chi Hao\AppData\Local\Temp\DivXI.exe
C:\Users\Chi Hao\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpddevtv.dll
C:\Users\Chi Hao\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgziahi.dll
C:\Users\Chi Hao\AppData\Local\Temp\dxdiag.exe
C:\Users\Chi Hao\AppData\Local\Temp\Fix.exe
C:\Users\Chi Hao\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chi Hao\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Chi Hao\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Chi Hao\AppData\Local\Temp\nvStInst.exe
C:\Users\Chi Hao\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Chi Hao\AppData\Local\Temp\sfextra.dll
Task: {65667FD9-894D-451C-92A5-357B065BAF87} - \bvxvgxvyy -> No File <==== ATTENTION
Task: {76589784-22E2-4CD3-9341-41017B332021} - System32\Tasks\YHYOYECBLBONYJAV => C:\ProgramData\Service3232\Service3232.exe <==== ATTENTION
Task: {F81C4E58-F039-4377-9E7C-EB0682469E20} - System32\Tasks\RKDtiZu7NRNNRUJdmvAt3i => C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i.exe <==== ATTENTION
Task: C:\Windows\Tasks\RKDtiZu7NRNNRUJdmvAt3i.job => C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i.exe <==== ATTENTION
Task: C:\Windows\Tasks\YHYOYECBLBONYJAV.job => C:\ProgramData\Service3232\Service3232.exe <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "chromebrowser"
FirewallRules: [{D78439A4-3404-40DB-9587-0244CBF2F67E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DF44C2BA-3296-420E-BFDB-A82B67C607AF}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F587006A-78C2-4379-863B-4CB88CC537D0}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{28EEFF20-B345-4E13-8E13-220A83811E80}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0BE377D7-1147-454E-9F6F-F077402CE35A}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A38000D3-D3A5-4E77-A180-719AAFAE9C9F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
cmd: dir /s C:\Users\Chi Hao\Desktop\CDY.15.15.rmvb
cmd: dir /s C:\ProgramData\icsxml
cmd: dir /s C:\ProgramData\DIBsection
cmd: xcopy C:\Windows\Minidump\* E:\Minidump\ /s /e /c /y
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\chromebrowser => value not found.
C:\Program Files (x86)\Popcorn Time\Updater.exe => moved successfully
"HKU\S-1-5-21-72143614-443022322-935499458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data removed successfully.
Update service => service removed successfully
cpuz138 => service removed successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
C:\Windows\Tasks\YHYOYECBLBONYJAV.job => moved successfully
C:\Windows\System32\Tasks\YHYOYECBLBONYJAV => moved successfully
C:\ProgramData\19a87fa1ec024bbcbb41931263354405 => moved successfully
C:\Windows\Tasks\RKDtiZu7NRNNRUJdmvAt3i.job => moved successfully
C:\Users\Chi Hao\AppData\Roaming\RKDtiZu7NRNNRUJdmvAt3i => moved successfully
C:\Program Files (x86)\globalUpdate => moved successfully
C:\Windows\System32\Tasks\RKDtiZu7NRNNRUJdmvAt3i => moved successfully
C:\Users\Chi Hao\AppData\Local\globalUpdate => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
"C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => not found.
C:\Users\Chi Hao\AppData\Local\ComBroadcaster => moved successfully
"C:\Users\Public\Desktop\Popcorn Time.lnk" => not found.
C:\Users\Chi Hao\Downloads\PopcornTime => moved successfully
C:\Program Files (x86)\Popcorn Time => moved successfully
C:\Users\Chi Hao\Desktop\PopcornTime-latest.exe => moved successfully
C:\Users\Chi Hao\AppData\Roaming\Trine1 => moved successfully
C:\Users\Chi Hao\AppData\Roaming\PowerISO => moved successfully

"C:\Users\Chi Hao\AppData\Roaming\Azureus" folder move:

Could not move "C:\Users\Chi Hao\AppData\Roaming\Azureus" => Scheduled to move on reboot.

C:\Users\Chi Hao\AppData\Local\Driver_LOM_8161Present.flag => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\7za.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\Command Center.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\DefaultPack.EXE => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\DivXI.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpddevtv.dll => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgziahi.dll => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\dxdiag.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\Fix.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\Chi Hao\AppData\Local\Temp\sfextra.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65667FD9-894D-451C-92A5-357B065BAF87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65667FD9-894D-451C-92A5-357B065BAF87}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvgxvyy => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76589784-22E2-4CD3-9341-41017B332021}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76589784-22E2-4CD3-9341-41017B332021}" => key removed successfully
C:\Windows\System32\Tasks\YHYOYECBLBONYJAV => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YHYOYECBLBONYJAV" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F81C4E58-F039-4377-9E7C-EB0682469E20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F81C4E58-F039-4377-9E7C-EB0682469E20}" => key removed successfully
C:\Windows\System32\Tasks\RKDtiZu7NRNNRUJdmvAt3i => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RKDtiZu7NRNNRUJdmvAt3i" => key removed successfully
C:\Windows\Tasks\RKDtiZu7NRNNRUJdmvAt3i.job => not found.
C:\Windows\Tasks\YHYOYECBLBONYJAV.job => not found.
HKLM\...\StartupApproved\Run32: => "chromebrowser" => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D78439A4-3404-40DB-9587-0244CBF2F67E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF44C2BA-3296-420E-BFDB-A82B67C607AF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F587006A-78C2-4379-863B-4CB88CC537D0} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28EEFF20-B345-4E13-8E13-220A83811E80} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BE377D7-1147-454E-9F6F-F077402CE35A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A38000D3-D3A5-4E77-A180-719AAFAE9C9F} => value not found.

=========  dir /s C:\Users\Chi Hao\Desktop\CDY.15.15.rmvb =========

The system cannot find the path specified.

========= End of CMD: =========


=========  dir /s C:\ProgramData\icsxml =========

 Volume in drive C has no label.
 Volume Serial Number is DC0F-6A62

 Directory of C:\ProgramData\icsxml

21/10/2015  18:05               616 51205015150f5b191956ec0.63379027
               1 File(s)            616 bytes

     Total Files Listed:
               1 File(s)            616 bytes
               0 Dir(s)  203,087,069,184 bytes free

========= End of CMD: =========


=========  dir /s C:\ProgramData\DIBsection =========

 Volume in drive C has no label.
 Volume Serial Number is DC0F-6A62

 Directory of C:\ProgramData\DIBsection

21/10/2015  18:05                38 50215015150f5b191956ec0.63379027
               1 File(s)             38 bytes

     Total Files Listed:
               1 File(s)             38 bytes
               0 Dir(s)  203,087,069,184 bytes free

========= End of CMD: =========


=========  xcopy C:\Windows\Minidump\* E:\Minidump\ /s /e /c /y =========

File not found - *
0 File(s) copied

========= End of CMD: =========


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 3.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-03 22:07:07)

C:\Users\Chi Hao\AppData\Roaming\Azureus => Is moved successfully

==== End of Fixlog 22:07:07 ====

# AdwCleaner v5.017 - Logfile created 03/11/2015 at 22:13:44
# Updated 03/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Chi Hao - DESKTOP-M2MK112
# Running from : C:\Users\Chi Hao\Desktop\adwcleaner_5.017.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}

***** [ Web browsers ] *****

[-] [C:\Users\Chi Hao\AppData\Roaming\Mozilla\Firefox\Profiles\6cqbfw3i.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Chi Hao\AppData\Roaming\Mozilla\Firefox\Profiles\6cqbfw3i.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1403 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Pro x64
Ran by Chi Hao on 03/11/2015 at 22:15:44.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Chi Hao\AppData\Roaming\mozilla\firefox\profiles\6cqbfw3i.default\prefs.js

user_pref(browser.search.searchengine.alias, istartsurf);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.istartsurf.com/favicon.ico);
user_pref(browser.search.searchengine.name, istartsurf);
user_pref(browser.search.searchengine.ptid, obw);
user_pref(browser.search.searchengine.uid, WDCXWD30EFRX-68EUZN0_WD-WCC4N2JS1N8SS1N8S);
user_pref(browser.search.searchengine.url, hxxp://www.istartsurf.com/web/?type=ds&ts=1446560140&z=a4b4e100215ac980bd02737gcz9z8q2w5wct8bbm4g&from=obw&uid=WDCXWD30EFRX-68EUZ





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/11/2015 at 22:16:41.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/11/2015
Scan Time: 22:17
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.03.08
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Chi Hao

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325843
Time Elapsed: 4 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SmartPurple, HKLM\SOFTWARE\SmartPurpleConf, Quarantined, [d0d47108b3d8cb6b7326ba11649f26da],
PUP.Optional.SmartPurple, HKLM\SOFTWARE\WOW6432NODE\SmartPurpleConf, Quarantined, [653f1069a0eb1125cecb0ac107fcd22e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#5 olgun52

  • Malware Response Team

Posted 03 November 2015 - 05:44 PM

Hi Chi Hao,

 

Is there any recuperation?
----------------------------------------------

C:\Users\Chi Hao\Desktop\CDY.15.15.rmvb
C:\Users\Chi Hao\Desktop\CDY.15.17.rmvb
C:\Users\Chi Hao\Desktop\CDY.15.16.rmvb
C:\Users\Chi Hao\Desktop\CDY.15.14.rmvb

What are these files ???

----------------------------------------------------------------------------
Run the Chrome Cleanup Tool:
https://www.google.com/chrome/cleanup-tool/

------------------------------------------------------------------

 

Please download ZHPCleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

-----------------------------------------------------------------------------------------------------------------------------------------

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear
Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
ielook;
firefoxlook;
chromelook;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

 

 


Best regards
 

 


 


#6 Chi Hao

  • Topic Starter

Posted 03 November 2015 - 06:05 PM

Hey Yilmaz,

 

Pc seems to work fine, but that was the case too before all the scanning and fixing. Those 4 files are series that I am watching haha. They are video files. Here are the logs:

 

[1103/234747:WARNING:chrome_util.cc(268)] Can't find Chrome registration information.
[1103/234747:INFO:scoped_logging.cc(67)] Log file: C:\Users\Chi Hao\AppData\Local\Google\Chrome Cleanup Tool\chrome_cleanup_tool.log
 

 

 

 

 

~ ZHPCleaner v2015.11.2.372 by Nicolas Coolman (2015/11/02)
~ Run by Chi Hao (Administrator)  (03/11/2015 23:52:36)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Chi Hao\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Chi Hao\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10240)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (13)
MOVED file: C:\Windows\Prefetch\PREDM.EXE-6A5D31A4.pf    =>PUP.Optional.Downware
MOVED file: C:\Windows\Prefetch\UPOSPD_US_013010134.EXE-C02A4CB8.pf    =>PUP.Optional.CrossRider
MOVED folder: C:\Windows\Installer\MSI33AB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3458.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI417B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4258.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA8B6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIAA21.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIACD9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIAD57.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIBAC7.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIBBC3.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID1F2.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 645
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 13


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-03112015-23_52_39.txt
ZHPCleaner-[S]-03112015-23_52_05.txt
 

 

 

 

 

Zoek.exe v5.0.0.1 Updated 03-November-2015
Tool run by Chi Hao on 03/11/2015 at 23:53:14.51.
Microsoft Windows 10 Pro 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chi Hao\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

03/11/2015 23:54:36 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Chi Hao\AppData\Local\icsxml deleted successfully
C:\Users\Chi Hao\AppData\Local\ms-drivers deleted successfully
C:\Users\Chi Hao\AppData\Local\Opera Software deleted successfully
C:\Users\Chi Hao\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CHIHAO~1\AppData\Roaming\Mozilla\Firefox\Profiles\6cqbfw3i.default
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Chi Hao\AppData\Roaming\Mozilla\Firefox\Profiles\6cqbfw3i.default
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D    - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
863AF0003392FEBC2667A8A790DED955    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll -    Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chi Hao\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Chi Hao\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Chi Hao\AppData\Local\Mozilla\Firefox\Profiles\6cqbfw3i.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=10 folders=7 44970403 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CHIHAO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/11/2015 at  0:01:11.83 ======================
 



#7 olgun52

  • Malware Response Team

Posted 03 November 2015 - 06:33 PM

Perfect,

 

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

----------------------------------------------------------------------------------------------------------------------------------------

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image: esetonlinebtn.png] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Best regards
 

 


 


#8 Chi Hao

  • Topic Starter

Posted 03 November 2015 - 07:33 PM

Here are the logs:

 

RogueKiller V10.11.4.0 (x64) [Nov  2 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Chi Hao [Administrator]
Started from : C:\Users\Chi Hao\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 11/04/2015 00:44:35

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 237909 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

 

 

E:\Games storage\Torchlight.II.Update.14-RELOADED\Crack\steam_api.dll    a variant of Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting - quarantined



#9 olgun52

  • Malware Response Team

Posted 04 November 2015 - 08:33 AM

E:\Games storage\Torchlight.II.Update.14-RELOADED\Crack\steam_api.dll    a variant of Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting - quarantined

 

Crack and keygen !
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, BC does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

===========================================================================================================

 

Please post  a fresh Frst Logfile for my check. (Frst.txt and Additional.txt)

 

 


Best regards
 

 


 


#10 Chi Hao

  • Topic Starter

Posted 04 November 2015 - 08:43 AM

Hi there, I've removed the file as requested.

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Chi Hao (administrator) on DESKTOP-M2MK112 (04-11-2015 14:41:09)
Running from C:\Users\Chi Hao\Desktop\Scanners
Loaded Profiles: Chi Hao (Available Profiles: Chi Hao)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Azureus Software, Inc) D:\Vuze\Azureus.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521472 2015-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Chi Hao\AppData\Roaming\Auto Clicker\AutoClicker.exe [120304 2015-03-29] (MurGee.com)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [Spotify Web Helper] => C:\Users\Chi Hao\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [Spotify] => C:\Users\Chi Hao\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\RunOnce: [Uninstall C:\Users\Chi Hao\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Chi Hao\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-03]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{966d0704-fa42-481c-b904-782b404d58ae}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-72143614-443022322-935499458-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-02] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Chi Hao\AppData\Roaming\Mozilla\Firefox\Profiles\6cqbfw3i.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-10-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-02] (Dropbox, Inc.)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [34984 2015-09-03] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-08] (Rivet Networks) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4048336 2015-08-13] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2285008 2015-09-07] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-28] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2015-02-10] (Micro-Star INT'L CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19216 2015-07-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-11] (Disc Soft Ltd)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-09-30] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-30] (Intel Corporation)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-24] (Intel Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 14:00 - 2015-11-04 14:37 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Azureus
2015-11-04 13:41 - 2015-11-04 13:41 - 00016148 _____ C:\Windows\system32\DESKTOP-M2MK112_Chi Hao_HistoryPrediction.bin
2015-11-04 00:44 - 2015-11-04 14:41 - 00000000 ____D C:\Users\Chi Hao\Desktop\Scanners
2015-11-04 00:40 - 2015-11-04 00:40 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-04 00:39 - 2015-11-04 00:46 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-04 00:39 - 2015-11-04 00:39 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-04 00:00 - 2015-11-03 23:53 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-03 23:54 - 2015-11-04 00:01 - 00004514 _____ C:\zoek-results.log
2015-11-03 23:53 - 2015-11-03 23:59 - 00000000 ____D C:\zoek_backup
2015-11-03 23:49 - 2015-11-03 23:52 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\ZHP
2015-11-03 23:47 - 2015-11-03 23:47 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Google
2015-11-03 22:13 - 2015-11-03 22:13 - 00000000 ____D C:\AdwCleaner
2015-11-03 15:50 - 2015-11-04 14:41 - 00000000 ____D C:\FRST
2015-11-03 15:18 - 2015-11-03 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-03 15:14 - 2015-11-03 15:15 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Opera Software
2015-11-03 15:14 - 2015-11-03 15:14 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\DivX
2015-11-03 15:14 - 2015-11-03 15:14 - 00000000 ____D C:\Program Files\DivX
2015-11-03 15:13 - 2015-11-03 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-11-03 15:13 - 2015-11-03 15:13 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-03 15:12 - 2015-11-03 15:14 - 00000000 ____D C:\ProgramData\DivX
2015-10-30 00:21 - 2015-10-28 00:38 - 21871616 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-10-30 00:21 - 2015-10-28 00:16 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-10-30 00:21 - 2015-10-21 13:45 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-10-30 00:21 - 2015-10-21 13:44 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-10-30 00:21 - 2015-10-21 13:43 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-10-30 00:21 - 2015-10-21 13:39 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-30 00:21 - 2015-10-21 13:00 - 24595968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-30 00:21 - 2015-10-21 13:00 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-10-30 00:21 - 2015-10-21 12:59 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-10-30 00:21 - 2015-10-21 12:57 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-10-30 00:21 - 2015-10-21 12:52 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-10-30 00:21 - 2015-10-21 12:50 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-10-30 00:21 - 2015-10-21 12:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-30 00:21 - 2015-10-21 12:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-10-30 00:21 - 2015-10-21 12:46 - 02179584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-10-30 00:21 - 2015-10-21 12:46 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-30 00:21 - 2015-10-21 12:44 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-10-30 00:21 - 2015-10-21 12:44 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-10-30 00:21 - 2015-10-21 12:43 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2015-10-30 00:21 - 2015-10-21 12:42 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-10-30 00:21 - 2015-10-21 12:41 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-10-30 00:21 - 2015-10-21 12:40 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-10-30 00:21 - 2015-10-21 12:38 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-10-30 00:21 - 2015-10-21 06:53 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-10-30 00:21 - 2015-10-21 06:49 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-30 00:21 - 2015-10-21 06:13 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-30 00:21 - 2015-10-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-10-30 00:21 - 2015-10-21 06:08 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-10-30 00:21 - 2015-10-21 06:05 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-10-30 00:21 - 2015-10-21 06:03 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-30 00:21 - 2015-10-21 06:03 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 00:21 - 2015-10-21 05:58 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-10-30 00:21 - 2015-10-21 05:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-10-30 00:21 - 2015-10-21 05:55 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-10-21 19:31 - 2015-10-23 00:54 - 00024648 _____ C:\Users\Chi Hao\Desktop\footy.xlsx
2015-10-21 18:05 - 2015-10-21 18:05 - 00000000 __SHD C:\ProgramData\icsxml
2015-10-21 18:05 - 2015-10-21 18:05 - 00000000 __SHD C:\ProgramData\DIBsection
2015-10-21 18:05 - 2015-10-21 18:05 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Maverick Software
2015-10-21 18:04 - 2015-10-21 18:04 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Maverick Software
2015-10-21 18:04 - 2015-10-21 18:04 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Maverick_Software
2015-10-21 18:03 - 2015-11-03 15:25 - 00003111 _____ C:\Users\Chi Hao\Desktop\SoccerStato.lnk
2015-10-21 18:03 - 2015-11-03 15:25 - 00003065 _____ C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\SoccerStato.lnk
2015-10-21 18:03 - 2015-10-21 18:03 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoccerStato
2015-10-21 18:03 - 2015-10-21 18:03 - 00000000 ____D C:\ProgramData\Maverick Software
2015-10-21 18:03 - 2015-10-21 18:03 - 00000000 ____D C:\Program Files (x86)\Maverick Software
2015-10-21 16:13 - 2015-10-21 16:13 - 00000000 _____ C:\Users\Chi Hao\Sti_Trace.log
2015-10-21 16:11 - 2015-10-21 16:11 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-21 16:11 - 2015-10-21 16:11 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\Canon
2015-10-21 16:10 - 2015-10-21 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-21 16:10 - 2015-10-21 16:10 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-21 16:09 - 2015-10-21 16:09 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-10-21 16:09 - 2015-10-21 16:09 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-21 16:09 - 2015-10-21 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
2015-10-21 16:09 - 2012-03-14 04:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAA.DLL
2015-10-21 00:47 - 2015-10-21 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 01:25 - 2015-11-04 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 03:11 - 2015-10-15 03:11 - 00079322 _____ C:\Users\Chi Hao\Desktop\Jane00_99.MassEffectSave
2015-10-14 14:56 - 2015-10-10 08:12 - 00078528 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 14:56 - 2015-10-06 04:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-10-14 14:56 - 2015-10-06 03:46 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 14:56 - 2015-10-01 05:01 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 14:56 - 2015-10-01 05:01 - 01123400 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 14:56 - 2015-10-01 05:01 - 01018568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 14:56 - 2015-10-01 05:01 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 14:56 - 2015-10-01 05:00 - 08020320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 14:56 - 2015-10-01 04:03 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 14:56 - 2015-09-25 05:01 - 02573768 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-14 14:56 - 2015-09-25 05:01 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-10-14 14:56 - 2015-09-25 04:56 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 14:56 - 2015-09-25 04:52 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2015-10-14 14:56 - 2015-09-25 04:33 - 01997336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-14 14:56 - 2015-09-25 04:26 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 14:56 - 2015-09-25 04:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2015-10-14 14:56 - 2015-09-25 04:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2015-10-14 14:56 - 2015-09-25 04:09 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 14:56 - 2015-09-25 04:07 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-10-14 14:56 - 2015-09-25 04:04 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 14:56 - 2015-09-25 04:04 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-10-14 14:56 - 2015-09-25 04:03 - 00796160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2015-10-14 14:56 - 2015-09-25 04:03 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 14:56 - 2015-09-25 04:02 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-10-14 14:56 - 2015-09-25 04:02 - 00949248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 14:56 - 2015-09-25 04:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:56 - 2015-09-25 04:01 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 14:56 - 2015-09-25 04:01 - 03586560 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-10-14 14:56 - 2015-09-25 04:00 - 01423872 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-10-14 14:56 - 2015-09-25 04:00 - 01382400 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-10-14 14:56 - 2015-09-25 04:00 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-10-14 14:56 - 2015-09-25 04:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 01205248 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2015-10-14 14:56 - 2015-09-25 03:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2015-10-14 14:56 - 2015-09-25 03:58 - 01871360 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-14 14:56 - 2015-09-25 03:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2015-10-14 14:56 - 2015-09-25 03:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-10-14 14:56 - 2015-09-25 03:38 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 14:56 - 2015-09-25 03:37 - 00766976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 14:56 - 2015-09-25 03:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2015-10-14 14:56 - 2015-09-25 03:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:56 - 2015-09-25 03:36 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 14:56 - 2015-09-25 03:36 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2015-10-14 14:56 - 2015-09-25 03:34 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2015-10-14 14:56 - 2015-09-25 03:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2015-10-14 14:56 - 2015-09-25 03:32 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-14 14:56 - 2015-09-25 03:32 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-10-13 01:33 - 2015-11-03 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-11 23:35 - 2015-10-11 23:35 - 00000000 ____D C:\Users\Chi Hao\Documents\BioWare
2015-10-11 23:34 - 2015-11-03 15:25 - 00001147 _____ C:\Users\Chi Hao\Desktop\MassEffect - Shortcut.lnk
2015-10-11 23:30 - 2015-10-11 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-10-11 23:30 - 2015-10-11 23:30 - 00000000 ____D C:\Program Files\PowerISO
2015-10-11 23:30 - 2015-06-08 03:59 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2015-10-11 23:27 - 2015-10-11 23:27 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-10-11 23:27 - 2015-10-11 23:27 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Disc_Soft_Ltd
2015-10-11 23:26 - 2015-10-11 23:26 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-10-11 23:16 - 2015-10-11 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2015-10-11 23:12 - 2015-10-11 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-11 23:11 - 2015-10-11 23:11 - 00113953 _____ C:\Windows\DirectX.log
2015-10-11 23:11 - 2015-10-11 23:11 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2015-10-11 23:11 - 2006-09-28 15:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-10-11 23:11 - 2006-09-28 15:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-10-11 23:11 - 2006-09-28 15:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-10-11 23:11 - 2006-09-28 15:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-10-11 23:11 - 2006-09-28 15:04 - 00091928 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-10-11 23:11 - 2006-09-28 15:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-10-11 23:11 - 2006-09-28 15:03 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-10-11 23:11 - 2006-09-28 15:03 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-10-11 23:11 - 2006-07-28 08:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-10-11 23:11 - 2006-07-28 08:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-10-11 23:11 - 2006-07-28 08:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-10-11 23:11 - 2006-07-28 08:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-10-11 23:11 - 2006-05-31 06:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-10-11 23:11 - 2006-05-31 06:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-10-11 23:11 - 2006-03-31 11:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-10-11 23:11 - 2006-03-31 11:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-10-11 23:11 - 2006-03-31 11:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-10-11 23:11 - 2006-03-31 11:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-10-11 23:11 - 2006-03-31 11:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-10-11 23:11 - 2006-03-31 11:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-10-11 23:11 - 2006-02-03 07:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-10-11 23:11 - 2006-02-03 07:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-10-11 23:11 - 2006-02-03 07:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-10-11 23:11 - 2006-02-03 07:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-10-11 23:11 - 2006-02-03 07:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-10-11 23:11 - 2006-02-03 07:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-10-11 23:11 - 2005-12-05 17:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-10-11 23:11 - 2005-12-05 17:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-10-11 23:11 - 2005-07-22 18:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-10-11 23:11 - 2005-07-22 18:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-10-11 23:11 - 2005-05-26 14:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-10-11 23:11 - 2005-05-26 14:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-10-11 23:11 - 2005-03-18 16:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-10-11 23:11 - 2005-03-18 16:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-10-11 23:11 - 2005-02-05 18:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-10-11 23:11 - 2005-02-05 18:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-10-11 23:10 - 2015-10-11 23:26 - 00000000 ____D C:\Users\Chi Hao\AppData\Roaming\DAEMON Tools Lite
2015-10-11 23:09 - 2015-10-11 23:10 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-10-11 16:22 - 2015-10-11 16:24 - 308853852 _____ C:\Users\Chi Hao\Desktop\CDY.15.15.rmvb
2015-10-11 16:22 - 2015-10-11 16:24 - 305660896 _____ C:\Users\Chi Hao\Desktop\CDY.15.17.rmvb
2015-10-11 16:22 - 2015-10-11 16:24 - 295128636 _____ C:\Users\Chi Hao\Desktop\CDY.15.16.rmvb
2015-10-11 16:22 - 2015-10-11 16:23 - 305333218 _____ C:\Users\Chi Hao\Desktop\CDY.15.14.rmvb
2015-10-07 16:36 - 2015-10-07 16:37 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2015-10-07 16:32 - 2015-10-07 16:32 - 00000000 ____D C:\Program Files\Realtek
2015-10-07 16:32 - 2015-08-27 22:36 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 03233472 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 02988288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 01976560 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 01744600 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 01347808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00645464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00576280 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00533904 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00410040 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00388840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00332088 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00323240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00223496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00216352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00211064 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00196712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00167728 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00112512 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-10-07 16:32 - 2015-08-27 22:36 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 04589312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-10-07 16:32 - 2015-08-27 22:33 - 02999024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 02711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-10-07 16:32 - 2015-08-27 22:33 - 02051704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 01761024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-10-07 16:32 - 2015-08-27 22:33 - 00041096 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2015-10-07 16:32 - 2015-08-27 22:33 - 00025224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-10-07 16:32 - 2015-08-27 19:20 - 03686140 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-10-07 16:31 - 2015-06-09 00:13 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-10-07 06:17 - 2015-10-16 04:10 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-07 06:17 - 2015-10-16 04:10 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-07 06:06 - 2013-02-08 10:04 - 00000000 _____ C:\RAMDiskImage.img
2015-10-05 22:45 - 2015-10-05 22:45 - 00248320 _____ (CANON INC.) C:\Windows\system32\CNMIUAA.DLL
2015-10-05 22:45 - 2015-10-05 22:45 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-10-05 22:45 - 2012-03-14 04:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAA.DLL
2015-10-05 22:44 - 2015-10-05 22:44 - 00103424 _____ (Canon Inc.) C:\Windows\system32\CNC280O.dll
2015-10-05 22:44 - 2012-07-04 10:55 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC280C.dll
2015-10-05 22:44 - 2012-07-04 10:55 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC280I.dll
2015-10-05 22:44 - 2012-07-04 10:29 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC280U.dll
2015-10-05 22:44 - 2010-03-18 18:26 - 00348672 _____ (CANON INC.) C:\Windows\system32\CNC280L.dll
2015-10-05 22:44 - 2010-03-18 18:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC280L.dll
2015-10-05 22:44 - 2009-11-13 13:38 - 00012800 _____ C:\Windows\SysWOW64\CNC1746D.TBL
2015-10-05 22:44 - 2008-08-25 17:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-10-05 22:44 - 2008-08-25 17:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 14:38 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\sru
2015-11-04 14:30 - 2015-10-02 21:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-04 13:46 - 2015-10-02 16:41 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-04 13:37 - 2015-10-02 16:40 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-04 08:57 - 2015-07-10 13:22 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-11-04 00:07 - 2015-09-25 05:08 - 00876942 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 00:01 - 2015-09-30 13:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-04 00:01 - 2015-09-25 05:01 - 00037142 _____ C:\Windows\PFRO.log
2015-11-04 00:01 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 00:00 - 2015-07-10 10:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2015-11-03 22:12 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-11-03 15:26 - 2015-07-10 14:12 - 00000000 ____D C:\Windows\OCR
2015-11-03 15:26 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-03 15:25 - 2015-10-02 17:54 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-03 15:25 - 2015-10-02 17:54 - 00002118 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-03 15:25 - 2015-10-02 17:43 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-03 15:25 - 2015-10-02 17:43 - 00001866 _____ C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-11-03 15:25 - 2015-10-02 17:43 - 00001860 _____ C:\Users\Chi Hao\Desktop\Spotify.lnk
2015-11-03 15:25 - 2015-10-02 16:42 - 00001283 _____ C:\Users\Chi Hao\Desktop\Dropbox.lnk
2015-11-03 15:25 - 2015-10-02 16:02 - 00000611 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-11-03 15:25 - 2015-10-02 16:02 - 00000611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-11-03 15:25 - 2015-10-02 15:58 - 00001161 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-03 15:25 - 2015-10-02 15:57 - 00000901 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-03 15:25 - 2015-10-02 15:05 - 00000754 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2015-11-03 15:25 - 2015-09-30 14:20 - 00002094 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2015-11-03 15:25 - 2015-09-30 13:17 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-03 15:25 - 2015-09-30 13:17 - 00001206 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-03 15:25 - 2015-09-30 00:18 - 00001964 _____ C:\Users\Chi Hao\Desktop\League of Legends.lnk
2015-11-03 15:25 - 2015-09-25 05:07 - 00002334 _____ C:\Users\Chi Hao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-03 15:19 - 2015-10-02 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-03 15:19 - 2015-10-02 15:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-03 14:59 - 2015-09-25 05:06 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\VirtualStore
2015-11-02 01:08 - 2015-10-02 15:03 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Battle.net
2015-11-01 17:47 - 2015-10-02 17:54 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 20:01 - 2009-12-01 09:01 - 00328926 _____ C:\Users\Chi Hao\Desktop\toto.xlsx
2015-10-30 13:35 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-10-30 00:38 - 2009-08-15 15:14 - 00000974 _____ C:\Users\Chi Hao\Desktop\Games to dl.txt
2015-10-27 22:09 - 2015-10-02 17:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-21 19:07 - 2015-09-25 05:06 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Packages
2015-10-21 16:13 - 2015-09-25 05:06 - 00000000 ____D C:\Users\Chi Hao
2015-10-21 16:12 - 2015-09-30 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-21 00:47 - 2015-10-02 16:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-17 14:33 - 2015-10-02 03:46 - 00000000 ____D C:\Windows\system32\MRT
2015-10-17 14:32 - 2015-10-02 03:46 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 22:37 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\NDF
2015-10-14 14:30 - 2015-10-02 21:30 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-11 20:14 - 2015-10-02 16:40 - 00000000 ____D C:\Users\Chi Hao\AppData\Local\Dropbox
2015-10-07 16:32 - 2015-09-30 13:57 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-10-07 16:32 - 2015-09-30 13:14 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-10-07 16:32 - 2015-09-30 13:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-07 16:32 - 2015-07-10 13:20 - 00010170 _____ C:\Windows\setupact.log
2015-10-07 06:16 - 2015-07-10 13:20 - 00340032 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-07 06:13 - 2015-07-10 14:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\system32\F12
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\oobe
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\Provisioning
2015-10-07 06:13 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\L2Schemas
2015-10-07 06:13 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-07 06:13 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Dism
2015-10-07 06:07 - 2015-09-30 14:20 - 00000000 ____D C:\MSI
2015-10-07 06:06 - 2015-09-30 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-10-07 06:06 - 2015-09-30 14:20 - 00000000 ____D C:\Program Files (x86)\MSI
2015-10-05 22:45 - 2015-07-10 12:04 - 00000000 __RSD C:\Windows\Media
2015-10-05 22:38 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-10-05 09:50 - 2015-10-02 15:58 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-10-02 15:58 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-10-02 15:58 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

Some files in TEMP:
====================
C:\Users\Chi Hao\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Chi Hao\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-03 16:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chi Hao (2015-11-04 14:41:29)
Running from C:\Users\Chi Hao\Desktop\Scanners
Windows 10 Pro (X64) (2015-09-25 04:05:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-72143614-443022322-935499458-500 - Administrator - Disabled)
Chi Hao (S-1-5-21-72143614-443022322-935499458-1001 - Administrator - Enabled) => C:\Users\Chi Hao
DefaultAccount (S-1-5-21-72143614-443022322-935499458-503 - Limited - Disabled)
Guest (S-1-5-21-72143614-443022322-935499458-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Auto Clicker v1.9 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.9 - MurGee.com)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Corsair Hydro Series 7289 USB Device (Driver Removal) (HKLM-x32\...\HYDROS7289&1B1C&0C02) (Version:  - Corsair Components, Inc.)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 3.2.5695 - Corsair)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 nl) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 nl)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.02 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.20 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)
MSI® Intel® Extreme Tuning Utility (HKLM-x32\...\{482c7431-75e2-4124-a453-6a294cd2c6a4}) (Version: 6.0.2.101 - Intel Corporation)
MSI® Intel® Extreme Tuning Utility (x32 Version: 6.0.2.101 - Intel Corporation) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SoccerStato (HKLM-x32\...\{299646F1-4EEF-4ACE-89D5-CDBB00BE61CA}) (Version: 2.0.0 - Maverick Software)
Spotify (HKU\S-1-5-21-72143614-443022322-935499458-1001\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-10-2015 23:11:00 Installed DirectX
16-10-2015 13:50:05 Windows Update
20-10-2015 19:28:51 Windows Update
30-10-2015 13:34:52 Windows Update
03-11-2015 15:18:03 Removed Microsoft Silverlight
03-11-2015 22:06:03 Restore Point Created by FRST
03-11-2015 23:54:33 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-11-03 22:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FFD333-6630-4032-8F42-49FAE2FC189A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-02] (Dropbox, Inc.)
Task: {3298C996-D24F-4C63-961E-27FA6C167447} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-06] (Intel Corporation)
Task: {43238097-1946-44F3-91F8-83220DA9ADF3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-02] (Dropbox, Inc.)
Task: {4F2E616B-37B7-44C5-8DCA-69347E5F1663} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {7E9649A0-59B1-476B-B159-FC1D2FB8FA77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {9E059627-64C5-4DD3-88B7-C420D6097571} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {BBA541A2-3E1F-410D-8531-87A9DE056E09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {BC0E9A89-6809-481F-8789-FDE958B84DB3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-27] (Microsoft Corporation)
Task: {CC0CADD8-7718-4251-996E-3887EBCA1D97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D46344DA-5537-41CA-B4AF-72A32888B63F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {E394CE5D-C159-4B03-8769-565405A5451B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {E5E83D86-ECBE-4BF6-8927-9D0C4328E075} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe [2015-08-05] ()
Task: {EE701502-25BF-4E01-B58B-FA9AEAFB7429} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {FE2101E3-44BD-4E73-ACD7-4F1DA76D8A44} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-17] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-10-02 03:44 - 2015-07-15 03:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-02 03:45 - 2015-08-11 10:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-10-02 17:53 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-30 13:09 - 2015-09-13 23:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-02 03:45 - 2015-09-17 07:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-02 03:45 - 2015-09-17 07:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-27 22:09 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-02 03:45 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 03:45 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 03:44 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 03:45 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 03:45 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-10-02 16:02 - 2015-07-30 09:26 - 00097592 _____ () D:\Vuze\aereg64.dll
2015-09-30 14:20 - 2005-07-18 21:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-09-30 14:14 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-72143614-443022322-935499458-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "chromebrowser"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-72143614-443022322-935499458-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A805EBD2-8A2B-40C6-9E81-D20786600BD7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{973359DB-F86B-412E-BD19-BDC9E9B3B924}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7EF98BE-2478-4C14-9587-CA43FF8734D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C1981970-2B63-4203-9B56-51B5FFF53EEC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99500F4B-568B-41ED-BA61-A0E1CBBE742F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AEB199D0-0212-4905-B2E5-32133BE0A5D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EB26E9C5-A5A9-42B9-9C78-B45E6D856285}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D63E1FD1-73D6-48D1-97A7-AD91798509CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{452B7702-23FB-432A-B9AD-C56DAB43F682}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C94FFD83-31AA-405A-A541-FEBC336A22A1}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [{D18B2221-73F0-4E8E-A801-D63D7187F4E6}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [TCP Query User{811F2AF7-770F-469F-98E2-60E4D81EDBEE}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9D03C1AD-4561-41C5-A4FF-612239DC0726}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe
FirewallRules: [{87CBD2FB-6BF6-4324-B662-C43F76E25F0E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DF01891F-06D9-4521-BA86-F6FF1FC262E0}C:\users\chi hao\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chi hao\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55A81C47-497E-4215-8DA4-4C4234EA1A5C}C:\users\chi hao\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chi hao\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8CFB84A8-DFF7-4BE6-B677-2098657A664D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{064F3FEC-F894-4777-AEB8-31B2244DC27B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5F1F24AB-567D-444A-8D5F-1E3A87906BDC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1A74C07F-B7CD-4662-AFE0-FFEC32E59237}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1087C3A6-2C55-4AEA-8BCF-D48401D64A8C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0D5D85BB-4DB7-496F-9E13-31D8E9C4B7AD}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [{D9B6D4AE-7A4E-47F1-B8C3-808F4B2134EA}] => (Allow) D:\Vuze\Azureus.exe
FirewallRules: [{E954FA68-2353-49A5-AEEB-C38880F5E0D2}] => (Allow) E:\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{93AA9517-BB7E-44D2-8E37-610DA08BD765}] => (Allow) E:\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{8D255255-5B75-44E5-B9EE-E852452D1C90}] => (Allow) E:\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{A1D35C45-12F4-4558-A351-532AFB2C4B2E}] => (Allow) E:\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{AB2D44D7-D331-4877-BA05-52AF6A0AC004}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 12:40:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/04/2015 12:40:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/03/2015 11:54:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/03/2015 10:06:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/03/2015 10:06:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a609239f-ad53-445e-967d-701b69dd8820}

Error: (11/03/2015 04:29:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-M2MK112)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2015 04:06:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-M2MK112)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2015 03:43:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/03/2015 03:43:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/03/2015 03:42:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


System errors:
=============
Error: (11/04/2015 09:37:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/04/2015 02:12:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/04/2015 01:05:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/04/2015 01:05:35 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys

Error: (11/04/2015 01:05:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/04/2015 01:05:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys

Error: (11/04/2015 01:05:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/04/2015 01:05:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys

Error: (11/04/2015 01:05:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/04/2015 01:05:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CHIHAO~1\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2015-11-03 15:12:17.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:12:16.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 40%
Total physical RAM: 16332.61 MB
Available physical RAM: 9686.2 MB
Total Virtual: 18764.61 MB
Available Virtual: 14490.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.33 GB) (Free:133.3 GB) NTFS
Drive d: (Western Digital Red) (Fixed) (Total:2794.39 GB) (Free:1586.57 GB) NTFS
Drive e: (Western Digital Black) (Fixed) (Total:1862.89 GB) (Free:1823.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#11 olgun52

  • Malware Response Team

Posted 04 November 2015 - 12:33 PM

Please open REGEDIT.EXE (Run as Administrator) and remove the file below in claret red. If you're not sure how to do this please let me know.

HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\Windows\CurrentVersion\Explorer\Startupapproved\Run32 => "chromebrowser"

If you see the file "browser chrome" on the right side, please delete it.

And restart the PC.

Next >>>
Please open REGEDIT.EXE (Run as Administrator) again and check for the "chromebrowser" file.
And please let me know about this.

Edited by olgun52, 04 November 2015 - 12:37 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
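
The regedit check described in post #11 can also be done read-only from an elevated PowerShell prompt. This is an added example, not part of the original posts: the function name Get-StartupApprovedEntry is hypothetical, and the value layout it decodes (even first byte = enabled, odd = disabled, FILETIME at offset 4) is community-observed behaviour, not documented by Microsoft.

```powershell
# Added example (not from the thread): read-only audit of StartupApproved entries.
# Assumption: byte 0 even = enabled, odd = disabled; bytes 4-11 = FILETIME of the
# last change. This layout is community-observed, not documented by Microsoft.

function Get-StartupApprovedEntry {
    [CmdletBinding()]
    param(
        # Value name to look for, e.g. the "chromebrowser" entry FRST listed.
        [string]$Name = '*'
    )

    # StartupApproved subkey -> Run key that holds the actual command line.
    $map = @(
        @{ Approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run'
           Run      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
        @{ Approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32'
           Run      = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run' },
        @{ Approved = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run'
           Run      = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    )

    foreach ($pair in $map) {
        if (-not (Test-Path -Path $pair.Approved)) { continue }
        $approvedKey = Get-Item -Path $pair.Approved
        $runKey = if (Test-Path -Path $pair.Run) { Get-Item -Path $pair.Run } else { $null }

        foreach ($valueName in $approvedKey.GetValueNames()) {
            if ($valueName -notlike $Name) { continue }
            $data = $approvedKey.GetValue($valueName)

            $state = 'Unknown'
            $changedUtc = $null
            if ($data -is [byte[]] -and $data.Length -ge 1) {
                $state = if ($data[0] % 2 -eq 0) { 'Enabled' } else { 'Disabled' }
                if ($data.Length -ge 12) {
                    $fileTime = [BitConverter]::ToInt64($data, 4)
                    if ($fileTime -gt 0) {
                        # Ignore timestamps that are not a valid FILETIME.
                        try { $changedUtc = [DateTime]::FromFileTimeUtc($fileTime) } catch { }
                    }
                }
            }

            # The command that would run at logon, if the Run value still exists.
            $command = if ($runKey) { $runKey.GetValue($valueName, $null) } else { $null }

            [pscustomobject]@{
                ApprovedKey = $pair.Approved
                Name        = $valueName
                State       = $state
                ChangedUtc  = $changedUtc
                Command     = $command
                Orphaned    = ($null -eq $command)   # state entry with no Run value behind it
            }
        }
    }
}

# The entry from the FRST log; no output means the value is gone.
Get-StartupApprovedEntry -Name 'chromebrowser' | Format-List

# Every state entry whose autorun value no longer exists.
Get-StartupApprovedEntry | Where-Object Orphaned |
    Format-Table Name, State, ApprovedKey -AutoSize
```

A non-empty `Command` for a suspicious name means the autorun itself is still registered, and the file it points to should be examined rather than only the StartupApproved entry.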

 


 


#12 Chi Hao

  • Topic Starter

Posted 04 November 2015 - 01:16 PM

Hi,

 

I've deleted the browserchrome and restarted my pc. When I re-open it it was gone :)



#13 olgun52

  • Malware Response Team

Posted 04 November 2015 - 02:14 PM

Hi,

I've deleted the browserchrome and restarted my pc. When I re-open it it was gone :)

:thumbup2:

So how does the PC work now, and are there any issues?



#14 Chi Hao

  • Topic Starter

Posted 04 November 2015 - 02:44 PM

Pc seems to work perfect. No other issues :)



#15 olgun52

  • Malware Response Team

Posted 04 November 2015 - 04:05 PM

Hi Chi Hao,

Pc seems to work perfect. No other issues :)

 Glad to hear that, very nice. We can close this thread

Thank you for your patience.  Please do the following:
 
My help is free for everybody. If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation. Thank you!

Uninstall Combofix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

 
next.....
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

Step 1: Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Step 2: FireFox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
 
NoScript
AdBlock Plus

Step 3: Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

Step 4: Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
Step 5: One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

Step 6: ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Sincerely

