IE, FF and Chrome Being Hijacked by Hao123.com [Closed]


#1
WyffGoaL

Hi everyone,

All of my internet browsers have been hijacked by this website, hao123.com. This happened right after I installed software called Xunlei (www.xunlei.com) Thunder Network.

Is it possible to get rid of this hao123.com but still keep the Xunlei Thunder Network software?


Thanks in advance.


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Celine (administrator) on CELINE-PC (24-10-2015 18:08:54)
Running from C:\Users\Celine\Desktop
Loaded Profiles: Celine (Available Profiles: Celine)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\ProgramData\livefixmy\livefixmy.exe
() C:\ProgramData\livefixmy\livefixmy.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(深圳市迅雷网络技术有限公司) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
(ShenZhen Xunlei Networking Technologies,LTD) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLUEOPS.exe
(深圳市迅雷网络技术有限公司) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\ThunderPlatform.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11324368 2015-10-07] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-24] (VIA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-17] (Piriform Ltd)
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Run: [Thunder] => C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe [1387888 2015-10-24] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll [2014-11-18] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1QMShellIconExt] -> {AC224566-817F-454B-A7A7-79C8840050D1} => C:\Program Files (x86)\QMGame\QMShellIcon64.dll No File
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.85.(852).dll [2015-07-13] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(840).dll [2015-09-23] (深圳市迅雷网络技术有限公司)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{6AC48AB3-81D6-4E3C-9491-E605A0703328}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
BHO: 迅雷下载支持 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.41.5020.dll [2015-10-24] (深圳市迅雷网络技术有限公司)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
BHO-x32: 迅雷下载支持组件 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2014-08-01] (深圳市迅雷网络技术有限公司)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Celine\AppData\Roaming\Mozilla\Firefox\Profiles\t0o8zt3e.default
FF Homepage: hxxp://www.google.com
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-23] (Google Inc.)
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2015-10-24] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3295371147-2942387223-962318981-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin HKU\S-1-5-21-3295371147-2942387223-962318981-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2015-10-24] ( )
FF Extension: Thunder Extension - C:\Users\Celine\AppData\Roaming\Mozilla\Firefox\Profiles\t0o8zt3e.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [2015-10-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-23] [not signed]
FF HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager extension - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-10-23]
FF HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-23]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2015-10-24]
CHR Extension: (Google Docs) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-23]
CHR Extension: (Google Drive) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-23]
CHR Extension: (Google Search) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
CHR Extension: (Google Sheets) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
CHR Extension: (Gmail) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-23]
CHR HKLM-x32\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 livefixmy; C:\ProgramData\livefixmy\livefixmy.exe [66712 2015-10-14] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1779664 2015-10-07] (Micro-Star INT'L CO., LTD.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174448 2015-10-24] (ShenZhen Xunlei Networking Technologies,LTD)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R2 XLWFP; C:\Windows\System32\drivers\xlwfp.sys [56080 2015-08-31] (深圳市迅雷网络技术有限公司)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-24 18:08 - 2015-10-24 18:09 - 00015154 _____ C:\Users\Celine\Desktop\FRST.txt
2015-10-24 18:08 - 2015-10-24 18:08 - 00000000 ____D C:\FRST
2015-10-24 18:07 - 2015-10-24 18:05 - 02196480 _____ (Farbar) C:\Users\Celine\Desktop\FRST64.exe
2015-10-24 17:44 - 2015-10-24 17:44 - 00002524 _____ C:\Users\Celine\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-10-24 17:44 - 2015-10-24 17:44 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-10-24 17:44 - 2015-10-24 17:44 - 00000000 ____D C:\Users\Celine\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-10-24 17:30 - 2015-10-24 17:30 - 00003146 _____ C:\Windows\System32\Tasks\{1ACFF802-8F1C-48BE-A7BF-509DF2813229}
2015-10-24 17:27 - 2015-10-24 17:27 - 00001365 _____ C:\Users\Celine\Desktop\迅雷7.lnk
2015-10-24 17:26 - 2015-10-24 17:27 - 00000000 ____D C:\Program Files (x86)\Thunder Network
2015-10-24 17:25 - 2015-10-24 17:25 - 00011020 _____ C:\Windows\PFRO.log
2015-10-24 17:25 - 2015-10-24 17:25 - 00000056 _____ C:\Windows\setupact.log
2015-10-24 17:25 - 2015-10-24 17:25 - 00000000 _____ C:\Windows\setuperr.log
2015-10-24 17:20 - 2015-10-24 17:20 - 00003136 _____ C:\Windows\System32\Tasks\{1B79DEE9-C1C2-4C01-848F-06D2D401B556}
2015-10-24 17:18 - 2015-10-24 17:18 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Baidu
2015-10-24 17:18 - 2015-10-24 17:18 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Baidu
2015-10-24 17:18 - 2015-10-24 17:18 - 00000000 ____D C:\ProgramData\Baidu
2015-10-24 16:07 - 2015-10-24 16:29 - 00000000 ____D C:\ProgramData\Thunder Network
2015-10-24 15:01 - 2015-10-24 15:01 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-10-24 14:55 - 2015-10-24 14:55 - 00000000 ____D C:\Users\Celine\AppData\Local\Bluestacks
2015-10-24 14:51 - 2015-10-24 15:28 - 00000035 _____ C:\Users\Celine\AppData\Roaming\CoreAVC.ini
2015-10-24 14:43 - 2015-10-24 17:27 - 00000000 ____D C:\Users\Public\livefixmy
2015-10-24 14:42 - 2015-10-24 17:27 - 00000000 ____D C:\ProgramData\livefixmy
2015-10-24 14:42 - 2015-10-24 14:42 - 00000020 _____ C:\Windows\system32\pub_store.dat
2015-10-24 14:42 - 2015-10-24 14:42 - 00000000 ____D C:\Users\Public\mycalendar
2015-10-24 14:42 - 2015-10-24 14:42 - 00000000 ____D C:\Program Files\Common Files\Thunder Network
2015-10-24 14:42 - 2014-06-17 15:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00080264 _____ (深圳市迅雷技术有限公司) C:\Windows\xinstaller.1.3.0.22.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00080264 _____ (深圳市迅雷技术有限公司) C:\Windows\SysWOW64\xinstaller.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00035208 _____ (深圳市迅雷技术有限公司) C:\Windows\xinstaller.1.3.0.22.exe
2015-10-24 14:42 - 2014-06-17 15:33 - 00035208 _____ (深圳市迅雷技术有限公司) C:\Windows\SysWOW64\xInstaller.exe
2015-10-24 14:39 - 2015-10-24 14:39 - 00000000 ____D C:\Users\Celine\AppData\Roaming\ѸÀ×ÓÎÏ·
2015-10-24 14:35 - 2015-10-24 17:26 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2015-10-24 14:35 - 2015-10-24 17:26 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2015-10-24 14:35 - 2015-10-24 17:26 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2015-10-24 14:35 - 2015-10-24 17:26 - 00001857 _____ C:\Windows\system32\Microsoft.VC90.CRT.manifest
2015-10-24 14:35 - 2015-10-24 17:26 - 00000466 _____ C:\Windows\system32\Microsoft.VC90.ATL.manifest
2015-10-24 14:34 - 2015-10-24 17:27 - 00000000 ____D C:\Users\Public\Thunder Network
2015-10-24 14:34 - 2015-10-24 17:27 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Thunder Network
2015-10-24 14:34 - 2015-10-24 14:34 - 00000020 _____ C:\Windows\SysWOW64\pub_store.dat
2015-10-24 14:21 - 2015-10-24 14:21 - 04079944 _____ (Google Inc.) C:\Windows\system32\GooglePinyin2.ime
2015-10-24 14:21 - 2015-10-24 14:21 - 03495240 _____ (Google Inc.) C:\Windows\SysWOW64\GooglePinyin2.ime
2015-10-24 14:21 - 2015-10-24 14:21 - 00003102 _____ C:\Windows\System32\Tasks\Google Pinyin Daemon
2015-10-24 14:21 - 2015-10-24 14:21 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Google
2015-10-24 14:21 - 2015-10-24 14:21 - 00000000 ____D C:\ProgramData\Google
2015-10-24 11:55 - 2015-10-23 22:37 - 00000000 ____D C:\Windows\Panther
2015-10-24 10:59 - 2015-10-24 10:59 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-24 10:59 - 2015-10-24 10:59 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-24 10:57 - 2015-10-24 10:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-10-23 22:37 - 2015-10-24 16:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-23 22:35 - 2015-10-23 22:35 - 00001075 ____N C:\Users\Celine\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-23 22:26 - 2015-10-23 22:26 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-23 22:26 - 2015-10-23 22:26 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-10-23 22:26 - 2015-10-23 22:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-23 22:26 - 2015-10-23 22:26 - 00000000 ____D C:\Program Files\Adobe
2015-10-23 22:25 - 2015-10-23 22:25 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-10-23 22:25 - 2015-10-23 22:25 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-10-23 22:23 - 2015-10-23 22:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-23 22:22 - 2015-10-23 22:22 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Macromedia
2015-10-23 22:13 - 2015-10-23 22:13 - 00002951 ____N C:\Users\Celine\Desktop\Microsoft Excel 2010.lnk
2015-10-23 22:04 - 2015-10-23 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-23 22:04 - 2015-10-23 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-23 22:04 - 2015-10-23 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Windows\PCHEALTH
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-10-23 22:02 - 2015-10-23 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-23 22:02 - 2015-10-23 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Users\Celine\AppData\Local\Microsoft Help
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-10-23 22:01 - 2015-10-23 22:01 - 00000000 __RHD C:\MSOCache
2015-10-23 21:58 - 2015-10-23 21:58 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-23 21:58 - 2015-10-23 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-23 21:58 - 2015-10-23 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-23 21:58 - 2015-10-23 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-23 21:58 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-23 21:58 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-23 21:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-23 21:47 - 2015-10-23 21:47 - 00000000 ____D C:\ProgramData\WEBREG
2015-10-23 21:46 - 2015-10-23 21:47 - 00000000 ____D C:\Users\Celine\AppData\Roaming\HP
2015-10-23 21:45 - 2015-10-24 15:54 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Yahoo!
2015-10-23 21:45 - 2015-10-23 21:50 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-23 21:44 - 2015-10-23 21:44 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-10-23 21:44 - 2015-10-23 21:44 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-10-23 21:44 - 2015-10-23 21:44 - 00000000 ____D C:\Users\Celine\AppData\Roaming\HpUpdate
2015-10-23 21:44 - 2015-10-23 21:44 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-10-23 21:42 - 2015-10-23 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-23 21:42 - 2015-10-23 21:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-23 21:41 - 2015-10-23 21:50 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-23 21:41 - 2008-12-16 18:18 - 00145408 _____ (Hewlett-Packard Company) C:\Windows\system32\hpfll6en.dll
2015-10-23 21:40 - 2015-10-23 21:50 - 00003901 _____ C:\ProgramData\hpzinstall.log
2015-10-23 21:40 - 2015-10-23 21:46 - 00171880 _____ C:\Windows\hphins32.dat
2015-10-23 21:40 - 2015-10-23 21:46 - 00000000 ____D C:\ProgramData\HP
2015-10-23 21:40 - 2010-02-13 10:59 - 00000558 ____N C:\Windows\hphmdl32.dat
2015-10-23 21:40 - 2008-10-30 16:46 - 00362328 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2015-10-23 21:36 - 2015-10-24 17:46 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Free Download Manager
2015-10-23 21:36 - 2015-10-23 21:36 - 00001067 ____N C:\Users\Celine\Desktop\Free Download Manager.lnk
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\Users\Celine\AppData\Roaming\FreeDownloadManager.ORG
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\ProgramData\FreeDownloadManager.ORG
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2015-10-23 21:32 - 2015-10-23 21:32 - 00000000 ____D C:\Users\Celine\AppData\Local\CEF
2015-10-23 21:31 - 2015-10-23 22:35 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Adobe
2015-10-23 21:31 - 2015-10-23 21:31 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Adobe
2015-10-23 21:30 - 2015-10-23 21:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-23 21:30 - 2015-10-23 21:30 - 00000000 _____ C:\Users\Celine\Sti_Trace.log
2015-10-23 21:29 - 2015-10-23 21:30 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Canon
2015-10-23 21:29 - 2015-10-23 21:29 - 00002095 _____ C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\Windows\system32\vbox
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-23 21:28 - 2015-10-23 21:28 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-10-23 21:28 - 2015-10-23 21:28 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-23 21:28 - 2015-10-23 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 100
2015-10-23 21:28 - 2009-04-02 18:12 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNQ2413C.DLL
2015-10-23 21:28 - 2009-04-02 18:12 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNQ2413I.DLL
2015-10-23 21:28 - 2008-05-02 09:14 - 00677888 _____ (CANON INC.) C:\Windows\system32\CNQ2413L.DLL
2015-10-23 21:28 - 2007-03-15 14:13 - 00229888 _____ (Canon Inc.) C:\Windows\system32\CNQ2413O.DLL
2015-10-23 21:26 - 2015-10-24 16:49 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-23 21:25 - 2015-10-23 21:25 - 00016154 _____ C:\Windows\system32\results.xml
2015-10-23 21:24 - 2015-10-23 21:24 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2015-10-23 21:24 - 2015-10-23 21:24 - 00001202 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2015-10-23 21:23 - 2015-10-23 21:24 - 00000000 ____D C:\Program Files (x86)\VIA
2015-10-23 21:23 - 2011-06-14 21:42 - 02159728 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-10-23 21:23 - 2011-06-14 21:42 - 01161328 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00994928 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00559216 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00248944 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00202864 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00116848 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00091760 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00087152 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00027760 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-10-23 21:23 - 2011-06-08 18:19 - 00085504 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-10-23 21:23 - 2011-06-08 18:19 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-10-23 21:23 - 2007-04-11 15:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2015-10-23 21:22 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-10-23 21:22 - 2012-05-15 07:13 - 00020992 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-10-23 21:22 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-10-23 21:22 - 2012-05-15 06:20 - 00017920 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-10-23 21:21 - 2015-10-23 21:21 - 00003176 _____ C:\Windows\System32\Tasks\{DDEC1C91-C263-456B-A889-7B678674BE92}
2015-10-23 21:21 - 2012-10-06 05:07 - 00509248 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-10-23 21:21 - 2012-10-06 05:07 - 00276288 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-10-23 21:21 - 2012-10-06 05:07 - 00170304 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 05902656 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00441152 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00398656 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00251712 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00184640 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-10-23 21:21 - 2012-09-29 02:51 - 12887040 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 12836864 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 12604416 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 11158528 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 11040256 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 10673664 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 05343584 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-10-23 21:21 - 2012-09-29 02:51 - 04571136 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 03776512 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 01981696 _____ C:\Windows\system32\iglhxa64.cpa
2015-10-23 21:21 - 2012-09-29 02:51 - 00963452 _____ C:\Windows\SysWOW64\igcodeckrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00963452 _____ C:\Windows\system32\igcodeckrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00604160 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00524800 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00519680 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00501760 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00482304 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00448512 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00441856 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00386048 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00330240 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00272928 _____ C:\Windows\SysWOW64\igvpkrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00272928 _____ C:\Windows\system32\igvpkrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00223233 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00216064 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00209727 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00193862 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00180224 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00173568 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00165865 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00163120 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00158727 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00149390 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00147759 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00147101 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00147010 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00145715 _____ C:\Windows\system32\Gfxres.ro-RO.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00145211 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00144378 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00143976 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00143730 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00143657 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142990 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142617 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142423 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00142008 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00141739 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00141574 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00140779 _____ C:\Windows\system32\Gfxres.hr-HR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00137621 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00137534 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00136873 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00132360 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-10-23 21:21 - 2012-09-29 02:51 - 00126035 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00124403 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2867.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00080384 _____ C:\Windows\system32\igdde64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00064512 _____ C:\Windows\SysWOW64\igdde32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00063488 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00059425 _____ C:\Windows\system32\iglhxo64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00059398 _____ C:\Windows\system32\iglhxg64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00059230 _____ C:\Windows\system32\iglhxc64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00059104 _____ C:\Windows\system32\iglhxc64_dev.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00058796 _____ C:\Windows\system32\iglhxg64_dev.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00058109 _____ C:\Windows\system32\iglhxo64_dev.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00017058 _____ C:\Windows\system32\iglhxs64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00001074 _____ C:\Windows\system32\iglhxa64.vp
2015-10-23 21:19 - 2015-10-23 21:19 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2015-10-23 21:19 - 2013-07-18 13:54 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2015-10-23 21:17 - 2015-10-23 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-10-23 21:17 - 2015-10-23 21:17 - 00000000 ____D C:\Program Files (x86)\MSI
2015-10-23 21:17 - 2015-10-20 14:58 - 00000000 ____D C:\Windows\SysWOW64\LiveUpdate
2015-10-23 21:15 - 2015-10-23 21:22 - 00000000 ____D C:\Intel
2015-10-23 21:15 - 2012-07-04 10:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-10-23 21:14 - 2015-10-23 21:14 - 00003180 _____ C:\Windows\System32\Tasks\{5AC9EAA8-BA76-4D32-8CAA-9641FE2CDF55}
2015-10-23 21:08 - 2015-10-24 17:28 - 00009130 _____ C:\Windows\SysWOW64\Gms.log
2015-10-23 21:08 - 2015-10-23 21:17 - 00001959 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2015-10-23 21:08 - 2015-10-23 21:17 - 00000000 ____D C:\MSI
2015-10-23 21:08 - 2014-04-30 16:23 - 00011248 _____ (Windows ® Win 7 DDK provider) C:\Windows\acpimof.dll
2015-10-23 21:05 - 2015-10-23 21:05 - 00000000 ____D C:\Users\Celine\Tracing
2015-10-23 21:04 - 2015-10-23 21:07 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ____D C:\Users\Celine\AppData\Local\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ____D C:\ProgramData\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-23 20:59 - 2015-10-23 20:59 - 00771962 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-23 20:51 - 2015-10-24 15:56 - 00001075 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-23 20:51 - 2015-10-24 15:56 - 00001063 ____R C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-23 20:51 - 2015-10-23 22:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-23 20:51 - 2015-10-23 21:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-23 20:51 - 2015-10-23 20:52 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Mozilla
2015-10-23 20:51 - 2015-10-23 20:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-23 20:51 - 2015-10-23 20:51 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-23 20:51 - 2015-10-23 20:51 - 00000000 ____D C:\Users\Celine\AppData\Local\Mozilla
2015-10-23 20:51 - 2015-10-23 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-23 20:51 - 2015-10-23 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-23 20:50 - 2015-10-23 22:27 - 00000000 ____D C:\ProgramData\Adobe
2015-10-23 20:49 - 2015-10-24 14:14 - 00000000 ____D C:\Users\Celine\AppData\Local\Adobe
2015-10-23 20:49 - 2015-10-23 20:49 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-23 20:49 - 2015-10-23 20:49 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-23 20:49 - 2015-10-23 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-23 20:49 - 2015-10-23 20:49 - 00000000 ____D C:\Program Files\CCleaner
2015-10-23 20:48 - 2009-11-26 03:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-10-23 20:48 - 2009-11-26 03:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-10-23 20:48 - 2009-11-26 03:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-10-23 20:44 - 2015-10-23 21:22 - 00000000 ____D C:\ProgramData\Intel
2015-10-23 20:44 - 2015-10-23 21:22 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-23 20:44 - 2015-10-23 20:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-10-23 20:44 - 2015-10-23 20:44 - 00000000 ____D C:\Program Files\Intel
2015-10-23 20:42 - 2012-07-26 12:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-10-23 20:42 - 2012-07-26 12:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-10-23 20:42 - 2012-07-26 10:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-10-23 20:42 - 2012-06-02 22:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-10-23 20:36 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-10-23 20:30 - 2015-10-24 17:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-23 20:30 - 2015-10-24 17:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-23 20:30 - 2015-10-24 15:56 - 00001260 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 20:30 - 2015-10-24 14:21 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-23 20:30 - 2015-10-23 20:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-23 20:30 - 2015-10-23 20:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-23 20:30 - 2015-10-23 20:30 - 00000000 ____D C:\Users\Celine\AppData\Local\Google
2015-10-23 20:30 - 2015-10-23 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-23 20:29 - 2015-10-24 14:44 - 00109616 _____ C:\Users\Celine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-23 20:29 - 2015-10-23 20:30 - 00000000 ____D C:\Users\Celine\AppData\Local\Deployment
2015-10-23 20:29 - 2015-10-23 20:29 - 00000000 ____D C:\Users\Celine\AppData\Local\Apps\2.0
2015-10-23 20:26 - 2015-10-23 20:26 - 00000000 ____D C:\ProgramData\Dell
2015-10-23 20:25 - 2015-10-23 21:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-23 20:25 - 2015-10-23 20:25 - 00000000 ____D C:\ProgramData\TP-LINK
2015-10-23 20:25 - 2015-10-23 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-10-23 20:25 - 2011-05-03 22:13 - 00008820 _____ C:\Windows\system32\athurextx.cat
2015-10-23 20:25 - 2011-04-20 03:07 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
2015-10-23 20:25 - 2011-04-20 03:07 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2015-10-23 20:20 - 2015-10-24 17:29 - 00084756 _____ C:\Windows\WindowsUpdate.log
2015-10-23 20:18 - 2015-10-24 15:56 - 00001114 ____R C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-23 20:18 - 2015-10-24 15:56 - 00001114 ____R C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-10-23 20:18 - 2015-10-24 14:44 - 00000000 ____D C:\Users\Celine\AppData\Local\VirtualStore
2015-10-23 20:17 - 2015-10-23 21:30 - 00000000 ____D C:\Users\Celine
2015-10-23 20:17 - 2015-10-23 20:17 - 00000020 ___SH C:\Users\Celine\ntuser.ini
2015-10-23 20:17 - 2015-10-23 20:17 - 00000000 __SHD C:\Recovery
2015-10-23 20:17 - 2009-07-14 12:54 - 00000000 ___RD C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-23 20:17 - 2009-07-14 12:49 - 00000000 ___RD C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-24 17:33 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-24 17:33 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-24 17:30 - 2009-07-14 13:13 - 00780070 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-24 17:25 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-24 16:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Speech
2015-10-24 15:56 - 2009-07-14 12:45 - 05034320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-24 11:55 - 2009-07-14 13:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-10-24 11:55 - 2009-07-14 13:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-10-24 10:59 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-24 10:59 - 2009-07-14 11:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-24 10:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-10-24 10:56 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\CSC
2015-10-23 23:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-10-23 22:24 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-23 22:04 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\ShellNew
2015-10-23 22:04 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-23 22:02 - 2009-07-14 10:34 - 00000478 _____ C:\Windows\win.ini
2015-10-23 21:29 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2015-10-23 20:43 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-23 20:27 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-23 20:25 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\system32\restore
 
==================== Files in the root of some directories =======
 
2015-10-24 14:51 - 2015-10-24 15:28 - 0000035 _____ () C:\Users\Celine\AppData\Roaming\CoreAVC.ini
2015-10-23 21:40 - 2015-10-23 21:50 - 0003901 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Celine\AppData\Local\Temp\DIDASetup_0003.exe
C:\Users\Celine\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Celine\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Celine\AppData\Local\Temp\PCMgr_Setup_11_0_16794_227.exe
C:\Users\Celine\AppData\Local\Temp\qmgamesetup1.0.0.1051.exe
C:\Users\Celine\AppData\Local\Temp\QQPCDownload72808.exe
C:\Users\Celine\AppData\Local\Temp\sqlite3.dll
C:\Users\Celine\AppData\Local\Temp\XmpSetupHelper.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-23 23:24
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Celine (2015-10-24 18:09:21)
Running from C:\Users\Celine\Desktop
Windows 7 Ultimate (X64) (2015-10-23 12:17:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3295371147-2942387223-962318981-500 - Administrator - Disabled)
Celine (S-1-5-21-3295371147-2942387223-962318981-1000 - Administrator - Enabled) => C:\Users\Celine
Guest (S-1-5-21-3295371147-2942387223-962318981-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3295371147-2942387223-962318981-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
CanoScan LiDE 100 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D2600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
DJ_SF_05_D2600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Deskjet D2600 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{7B8E0D63-C8FB-4F04-8B3A-029C4707693A}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.009 - MSI)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TL-WN822N/TL-WN821N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
迅雷7 (HKLM-x32\...\thunder_is1) (Version: 7.9.41.5020 - 迅雷网络技术有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
23-10-2015 22:01:44 Installed Microsoft Office Professional Plus 2010
24-10-2015 15:59:26 JRT Pre-Junkware Removal
24-10-2015 16:48:26 avast! antivirus system restore point
24-10-2015 17:44:13 Installed Windows 7 USB/DVD Download Tool
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {266CC5F8-7EC4-4814-ADC7-43D2D274219A} - System32\Tasks\{5AC9EAA8-BA76-4D32-8CAA-9641FE2CDF55} => pcalua.exe -a C:\MSI\LiveUpdate\DL_FILE\Atheros_Network_Drivers_2.1.0.21.exe -d C:\MSI\LiveUpdate\DL_FILE
Task: {3012EB38-F0DC-40B1-9F07-1DF46DF88D9E} - System32\Tasks\{DDEC1C91-C263-456B-A889-7B678674BE92} => pcalua.exe -a C:\MSI\LiveUpdate\DL_FILE\Intel_SVGA_Driver_9.17.10.2867.exe -d C:\MSI\LiveUpdate\DL_FILE
Task: {364BB97C-5A9D-4B1C-8C77-CDF35874451F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-15] (Adobe Systems Incorporated)
Task: {53E95992-E9EE-4E70-BF97-24BDB7BF05CA} - System32\Tasks\{1B79DEE9-C1C2-4C01-848F-06D2D401B556} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {743F73A2-2F2F-47AE-A06E-3B8DAED8843E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {7C2E3E48-1D12-4C8B-A869-309EE4381849} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {B225D83B-3BF5-4135-8059-F2DA53489FB3} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-10-24] (Google Inc.)
Task: {CA25AB35-9A1D-4D6D-965E-2E43E3EBE2DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {DE628DA5-613E-4ED9-BC3B-4753755CF5A2} - System32\Tasks\{1ACFF802-8F1C-48BE-A7BF-509DF2813229} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Uninstall.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-24 14:43 - 2015-10-14 18:44 - 00066712 _____ () C:\ProgramData\livefixmy\livefixmy.exe
2015-10-23 21:21 - 2012-09-29 02:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-23 21:24 - 2011-06-24 15:45 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-10-23 21:24 - 2011-06-24 15:45 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-10-23 21:24 - 2011-06-24 15:45 - 00621168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2015-10-24 14:21 - 2015-10-24 14:21 - 00921416 _____ () C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
2015-10-24 14:43 - 2015-10-14 18:44 - 00184472 _____ () C:\ProgramData\livefixmy\livefixmy.dll
2015-10-23 21:17 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-10-24 14:34 - 2015-10-24 17:26 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2015-10-24 14:34 - 2015-10-24 17:26 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2015-09-23 18:17 - 2015-09-23 18:17 - 00031600 _____ () C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLURLSnifferManager.dll
2015-09-04 20:34 - 2015-09-04 20:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00684032 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00015360 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\mini_unzip_dll.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00255344 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\BrowserSupportMoudle.dll
2015-10-24 17:27 - 2015-10-24 17:26 - 00129480 _____ () C:\Program Files (x86)\Thunder Network\Thunder\tp\tp_proxy.dll
2015-10-14 16:48 - 2015-10-14 16:48 - 00191856 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush\ZipPasswordSharing\ZipChecker.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00019968 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\minizip.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00077824 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\zlib1.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00143360 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\libexpat.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00012288 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\mini_unzip_dll.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00018296 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\dl_uac_tool.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00053112 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\XLCrypto.dll
2015-10-24 17:26 - 2015-10-24 17:26 - 00534896 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.258_1111\ts.dll
2015-10-23 20:30 - 2015-10-20 22:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 20:30 - 2015-10-20 22:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F994DEF8-23A1-444E-9389-D1FE5700810B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A706201E-A411-419D-B670-9E22138067AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A47A28D-A368-492B-A703-7C3B2863EF7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE77AECF-C7F1-4D90-BA84-E0FB26506B6F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D4965A6A-C71E-431F-8BC7-9E8B9B0C24D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{93DB36F7-DEBE-4C3E-A077-FDBF1875CFA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{219EA82A-4A87-4620-AB95-0BD7F92EACF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{114B5E45-3EB4-4794-A401-C4FB895BB1B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8F2CAE4D-22E4-4337-8E98-D98CFB981582}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{51C163CB-C869-4CD5-A243-8B46CADF7720}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BAEE2584-375D-4B50-A444-A92645CD454C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{188E1999-4E47-4205-8924-77CF4FB4B40D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CA68C4FF-D41E-4DAC-BDDC-C7A9EF366981}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FCCAC481-5DB1-4640-AFFD-FD73D3A98BC8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{DAA08553-279F-4009-8F95-D30486E85B68}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{B523B6FC-9E42-42FB-BD34-42162D82F85B}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{FD261188-A52A-4A30-AB26-030A28102353}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{FEBC693E-09B0-4AC6-AFD8-C6CBDAE7BE2E}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{17960F12-4E0A-4B02-9CCE-7FA564DA3177}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{9B0CC78A-CEDC-4C61-AED4-F5AFC75D6CCF}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{5394E4A5-DCCE-4A65-985B-5B05FDE029BD}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XMP.exe
FirewallRules: [{E8A831F6-7790-4E70-8BC5-494590E46BEB}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLLiveUD.exe
FirewallRules: [{76432E29-C0E0-4A0A-BBF3-1148906FC196}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XMP.exe
FirewallRules: [{242B4753-568D-4DDF-A98F-1FB0A532A4E7}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLLiveUD.exe
FirewallRules: [{09B4C5A0-83BC-47D2-A782-742A477E82A6}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLBugReport.exe
FirewallRules: [{12ACC701-2680-4F84-B10A-05F327B828D5}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\XLBugReport.exe
FirewallRules: [{78132639-FD6D-4650-8690-1165A6E15F6D}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLBugReport.exe
FirewallRules: [{0BB922A7-FD3D-4674-8737-583111ECB053}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\xmp.exe
FirewallRules: [{B23A0FBD-8060-498F-B287-40F90ED1CC06}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\XLBugReport.exe
FirewallRules: [{3E253AEE-5554-44E3-9632-8BD07B7EA6EE}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\InstallDriver.exe
FirewallRules: [{653D7ED2-7C8F-4393-A0AE-A6988804EF7E}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\ThunderMPServer.exe
FirewallRules: [{FE2DF273-C043-40D8-96C0-EFFCD3A67918}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInst.exe
FirewallRules: [{AA98E043-1AC8-431A-91E9-93149D2AE41E}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\aapt.exe
FirewallRules: [{F9C1BDBC-A8B8-4BAE-9F0D-8671AD106204}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\adb.exe
FirewallRules: [{489A1450-26BB-4AE4-BF76-B079AA62EC04}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInstX64.exe
FirewallRules: [{6D28A551-FBE4-471A-8E32-444471F678D8}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\xmp.exe
FirewallRules: [{E827E282-38C7-454C-8FCA-83B66E3B5B55}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInst.exe
FirewallRules: [{80608852-427D-4345-B68C-3C1328BD6B97}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\InstallDriver.exe
FirewallRules: [{649E9564-02B6-4912-AB61-44E9055B84FE}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\ThunderMPServer.exe
FirewallRules: [{B00A9E92-C66F-4C7F-B44B-B23670848F1C}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\aapt.exe
FirewallRules: [{CD2146C2-BDE0-4EA7-AB81-58CCBFE3B33F}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\adb.exe
FirewallRules: [{A369E06F-BF58-4E42-A2D5-5D25461EEA83}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInstX64.exe
FirewallRules: [{52F5B28F-5D3A-46AD-98DD-07E6B8BF853D}] => (Allow) D:\Program Files\Thunder Network\V5.1.26.4308\Bin\XLLiveUD.exe
FirewallRules: [{D0E07B42-5D4E-4AF8-A072-6C2390207D66}] => (Allow) D:\Program Files\Thunder Network\V5.1.26.4308\Bin\XLBugReport.exe
FirewallRules: [{C102854B-DF87-4FAB-833C-B24C58922BD2}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\aapt.exe
FirewallRules: [{81474B67-5D63-477E-AD41-8E22A361954F}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\adb.exe
FirewallRules: [{6FC7141A-843E-42C3-9949-21E1231881CB}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\APlayer.exe
FirewallRules: [{86052840-1148-4A1E-94DF-C6A1C85AD4D0}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\aapt.exe
FirewallRules: [{C976177B-A983-44D0-9161-C6E8708BA209}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\adb.exe
FirewallRules: [{44ABFB72-BEF5-4C02-A5C5-8D0057E7D7BF}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\APlayer.exe
FirewallRules: [{76530D9E-6295-4498-9387-968A1A40C9B7}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\InstallDriver.exe
FirewallRules: [{6CF32ADF-60B5-4A10-876B-8532867DC8D2}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\PreInstall.exe
FirewallRules: [{F7716B71-16B6-4B2F-83BD-4F10692E6C55}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\DPInst.exe
FirewallRules: [{6E05D793-C9E6-49E2-BABD-1545783E08BD}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\DPInstX64.exe
FirewallRules: [{8C8A5343-C5DA-4D27-8662-714830F92284}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\InstallDriver.exe
FirewallRules: [{CE0AF45D-7549-4334-A4EB-9DFF9CCEC5BA}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\DPInst.exe
FirewallRules: [{EFE1ECF2-07DF-4605-8BE5-9E70947B80EE}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\PreInstall.exe
FirewallRules: [{E316D560-6184-4218-95F2-E0DF01FF52DF}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.26.4308\Program\DPInstX64.exe
FirewallRules: [{8A0DFF64-948E-4D16-804C-A90E55346457}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.85.exe
FirewallRules: [{43C78F68-BF3B-4EE2-84FA-C460815EBDDE}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.85.exe
FirewallRules: [{05864948-1B55-42EA-BA9E-4E7037C9AA1A}] => (Allow) C:\Users\Celine\AppData\Local\Temp\QQPCDownload72808.exe
FirewallRules: [{EEE895E5-CC86-4951-9B4E-4D5EC7052E7D}] => (Allow) C:\Users\Celine\AppData\Local\Temp\QQPCDownload72808.exe
FirewallRules: [TCP Query User{361A91DB-97EB-4440-9AFA-29A899A482A0}C:\program files (x86)\qmgame\xl\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\qmgame\xl\download\minithunderplatform.exe
FirewallRules: [UDP Query User{CC4FF4FC-AA14-460E-B6F8-0DB5A8034214}C:\program files (x86)\qmgame\xl\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\qmgame\xl\download\minithunderplatform.exe
FirewallRules: [{1E72FCE7-3A50-4781-8833-D5119C6A8C48}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{4379454F-B8BC-4F53-888F-C4059334EB54}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{F93638D1-2B11-4FDF-B6B1-943BA86BB021}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{20A80B68-0C86-4CE1-A9CB-459769E35B18}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [TCP Query User{2B92B059-678B-4F1B-8364-2CAC129DF74A}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{10F9EF89-5A89-4151-8DD9-41F1F0EEF037}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{D49AF671-6CFB-41E1-A9DC-543371381AC5}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{79A07BD7-0B39-414E-9040-977951E4BA3E}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{EA685AAD-857E-4D2B-A431-699D8BBB03C2}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{E77ECB25-E2F9-4E17-A627-B24424D08D47}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{4B896EB6-3750-46C2-9E7A-F05B7EE2F4D7}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\xmp.exe
FirewallRules: [{F512FE87-D99E-47D8-A4B2-E78DDA558671}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\aapt.exe
FirewallRules: [{5F1E0138-4FB2-4BEE-9DCB-B6AC93330069}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\adb.exe
FirewallRules: [{57565C3E-4F51-4816-B97A-40D7F3EFF9A5}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\xmp.exe
FirewallRules: [{FA120B36-E50A-48FA-9068-2E3938417078}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\aapt.exe
FirewallRules: [{3237A6E9-A202-4B79-9E93-A1F7B8685E1E}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\adb.exe
FirewallRules: [{8DC4B2B5-DF70-4B06-B414-46BB8ABE4FD4}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInstX64.exe
FirewallRules: [{AA1B8D37-C334-435C-B4ED-692ACD7ABCB4}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\InstallDriver.exe
FirewallRules: [{24DC829A-E522-4F7C-BC80-D922B63F8C3B}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XMP.exe
FirewallRules: [{698FB9E4-5F75-4AE0-B23F-A35E2BB34490}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\ThunderMPServer.exe
FirewallRules: [{54F816CF-4981-44DA-AD54-7943BD7ED915}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInst.exe
FirewallRules: [{F3EBEBB9-B91A-49B3-8CC2-BF7027D90514}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\InstallDriver.exe
FirewallRules: [{F76FC412-8232-483E-BA58-A1B292059E51}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInstX64.exe
FirewallRules: [{FAC98CBA-D6C7-48D7-9C7C-0F4DEEDBF699}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XMP.exe
FirewallRules: [{7C9A1069-ED3C-40D9-8DAA-73E9A5B582DA}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\ThunderMPServer.exe
FirewallRules: [{EBF70107-9410-42CB-8859-0AD4DD15B7BD}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInst.exe
FirewallRules: [{F6707E3D-349A-4187-932C-5FD1F7DF7620}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{66B88330-50A7-4D7E-9FFB-F30EE1420B51}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{35D44F72-3166-441D-8525-B16790C88A58}] => (Allow) LPort=33674
FirewallRules: [{203690F8-D605-478B-A777-EE8F453ABE48}] => (Allow) LPort=33673
FirewallRules: [{538B2EC5-3C81-4132-9764-82664F3F3C7B}] => (Allow) LPort=9527
FirewallRules: [{40FDE5CA-7E53-4509-8879-2D4B5CD1827B}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{EDDC2D80-BB71-4447-A664-C516D8AD8FC6}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{E119392B-92F2-4CA9-B098-CFD67E0EC8E4}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{7AD3DD55-4EC4-438A-B4A5-A861F837538B}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{57967DB5-3DB8-4398-85DD-3BE70DC284C2}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLLiveUD.exe
FirewallRules: [{E5D17162-B9E8-424C-BDD1-2F48277AFE6D}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XMP.exe
FirewallRules: [{16E5230A-651B-465E-986D-F0F145A22203}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInstX64.exe
FirewallRules: [{1A786016-DA7A-44BD-A85F-FA49DBBBAF46}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLBugReport.exe
FirewallRules: [{0E55CF8B-EDEF-4780-8DB9-1DCE37411BAA}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\xmp.exe
FirewallRules: [{4D0F208B-EA28-4FE9-94CC-3E66E7B89A96}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\adb.exe
FirewallRules: [{3E03AD86-2436-46F5-9D37-C2DE2996DAE4}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\XLBugReport.exe
FirewallRules: [{799DC2DE-7B07-41DC-B610-C234BCF40C35}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\aapt.exe
FirewallRules: [{A1DE6071-7DDE-4906-9334-B62A09F738BF}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLLiveUD.exe
FirewallRules: [{367995E3-CCF3-4FA3-BDE7-41E66E62329C}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\InstallDriver.exe
FirewallRules: [{781FB858-DA1E-4FC1-B645-893139609C9E}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XMP.exe
FirewallRules: [{B7441DDA-C403-46FC-8DE6-9D3586991199}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInstX64.exe
FirewallRules: [{5322B3E9-F96F-4625-B80F-4CF83FF6ADB6}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\V5.1.22.4132\Bin\XLBugReport.exe
FirewallRules: [{8BB5B2E4-5D84-48C4-8C81-C837B8FE2065}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\ThunderMPServer.exe
FirewallRules: [{F6738B4C-6E9E-44A7-BDE6-1BEC99559305}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInst.exe
FirewallRules: [{DD574014-672E-45A4-8AE7-76FFB90FE57C}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\adb.exe
FirewallRules: [{25204079-0966-4A47-B825-F77D816F9FE9}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\xmp.exe
FirewallRules: [{B491ECDD-6EAC-44C6-95F8-A10D25195EB7}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\XLBugReport.exe
FirewallRules: [{C6906409-A700-4FCF-968E-313344B6E074}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\aapt.exe
FirewallRules: [{20D8F07F-92FF-4910-BB69-EF5E2F2C5CBE}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\InstallDriver.exe
FirewallRules: [{6E98B9AF-9225-417D-A4E5-A9BC62980F71}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\ThunderMPServer.exe
FirewallRules: [{B32AE9BE-4E24-4271-AAFD-4850CCAB687C}] => (Allow) C:\Users\Public\Thunder Network\XMP5\V5.1.22.4132\Program\DPInst.exe
FirewallRules: [{4B892A08-DFFE-4BDD-9BEB-B5A6112765B9}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\ThunderPlatform.exe
FirewallRules: [{23C5BC82-8426-4B69-B905-1D99115C6E94}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\ThunderPlatform.exe
FirewallRules: [{A2ACE225-E5E3-4604-8DD8-B9C045B0242E}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\ThunderLiveUD.exe
FirewallRules: [{D62118AB-AA04-49E2-A9FE-C64F2C249D2B}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\ThunderLiveUD.exe
FirewallRules: [{D0B547E7-FCE0-48E7-B646-41910613DCF6}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\XLBugReport.exe
FirewallRules: [{B5F1A828-D410-4147-B1E2-FEB3B1303FF2}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.258_1111\XLBugReport.exe
FirewallRules: [{F61B8E08-32FC-4EF0-8660-11C714C17276}] => (Allow) C:\Users\Celine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97915295-6BAD-4F7A-890B-ECADFDCE0A66}] => (Allow) C:\Users\Celine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B024A10-318D-492B-AA81-5316AAE4BB99}] => (Allow) C:\Users\Celine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B0300E0B-6B01-4F1C-997D-6FAE3029D1B5}] => (Allow) C:\Users\Celine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0C78E653-5635-40D0-BB7E-0BBF58C3470F}] => (Allow) C:\Users\Celine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{841C5038-0485-4C1F-8963-9548D8847E8B}] => (Allow) C:\Users\Celine\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2015 05:32:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 1.0.0.161 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 620
 
Start Time: 01d10e3ea8de0f37
 
Termination Time: 0
 
Application Path: C:\Users\Celine\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id:
 
Error: (10/24/2015 05:30:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 1.0.0.161 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 102c
 
Start Time: 01d10e3e42126665
 
Termination Time: 0
 
Application Path: C:\Users\Celine\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id:
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (10/24/2015 05:26:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (10/24/2015 05:26:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (10/24/2015 05:26:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (10/24/2015 05:26:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (10/24/2015 05:26:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (10/24/2015 05:26:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (10/24/2015 05:26:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (10/24/2015 05:26:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (10/24/2015 05:26:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (10/24/2015 05:26:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 41%
Total physical RAM: 3986.91 MB
Available physical RAM: 2331.55 MB
Total Virtual: 7971.97 MB
Available Virtual: 6126.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:244.04 GB) (Free:216.5 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:687.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EED3A8DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello WyffGoaL and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem. :)

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. I'm analysing your logs and will get back to you soon.


#3
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi WyffGoaL
 

Is that possible to get rid of this hao123.com but still keep the xunlei thunder network software?


The xunlei thunder software is P2P network file sharing which can have major concerns or issues.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall xunlei thunder network software, however that choice is up to you.
If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.

Anti Virus

Warning: You do not have an anti virus program running on your machine.

I strongly recommend that you have one antivirus product installed and running on your computer at a time. Anti virus protection is an important layer of protection against malware. To the average home computer user, a virus can be damaging in terms of personal data loss, theft of financial information and other sensitive data.
There are some good, FREE anti virus programs available. Here is a link with some information on this. I would recommend AVAST as a good one to use or alternatively use Microsoft Security Essentials.
Having virus protection is important, of course, but just as important as the virus protection itself, is keeping that program or application updated. Your antivirus software should be programmed for daily updates to protect and counter potential threats.

Step 1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step 2 - AdwCleaner Scan

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Upon completion, click Logfile. A log (AdwCleaner[S*].txt) will open.
  • Please copy and paste this in your next reply.

    Things for your next post:
  • fixlog.txt
  • AdwCleaner[S*].txt

    Thanks


#4
WyffGoaL

    Member

  • Topic Starter
  • 57 posts

Hi Bruce1270,

Thank you so much for helping out. I've already removed Xunlei Thunder Network. Please find all the log details as below.

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Celine (2015-10-26 22:52:30) Run:1
Running from C:\Users\Celine\Desktop
Loaded Profiles: Celine (Available Profiles: Celine)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1QMShellIconExt] -> {AC224566-817F-454B-A7A7-79C8840050D1} => C:\Program Files (x86)\QMGame\QMShellIcon64.dll No File
BHO: 迅雷下载支持 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.41.5020.dll [2015-10-24] (深圳市迅雷网络技术有限公司)
BHO-x32: 迅雷下载支持组件 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2014-08-01] (深圳市迅雷网络技术有限公司)
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin HKU\S-1-5-21-3295371147-2942387223-962318981-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
2015-10-24 17:18 - 2015-10-24 17:18 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Baidu
2015-10-24 17:18 - 2015-10-24 17:18 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Baidu
2015-10-24 17:18 - 2015-10-24 17:18 - 00000000 ____D C:\ProgramData\Baidu
2015-10-24 14:51 - 2015-10-24 15:28 - 00000035 _____ C:\Users\Celine\AppData\Roaming\CoreAVC.ini
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1QMShellIconExt" => key removed successfully
"HKCR\CLSID\{AC224566-817F-454B-A7A7-79C8840050D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => key removed successfully
HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@xunlei.com/npaplayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@xunlei.com/npxluser" => key removed successfully
"HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Software\MozillaPlugins\@xunlei.com/npxluser" => key removed successfully
C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll => not found.
C:\Users\Celine\AppData\Roaming\Baidu => moved successfully
C:\Users\Celine\AppData\LocalLow\Baidu => moved successfully
C:\ProgramData\Baidu => moved successfully
C:\Users\Celine\AppData\Roaming\CoreAVC.ini => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{31CBB15D-A083-4C7B-A212-3AF1977AE1C9} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:52:56 ====
 
 
 
 
 
# AdwCleaner v5.014 - Logfile created 26/10/2015 at 22:56:50
# Updated 18/10/2015 by Xplode
# Database : 2015-10-26.2 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Celine - CELINE-PC
# Running from : C:\Users\Celine\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
 
***** [ Web browsers ] *****
 
[C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2120 bytes] ##########
 


#5
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi WyffgoaL
 

I've already removed Xunlei Thunder Network.


:thumbsup:

Good work so far. We'll clean up what AdwCleaner found and do a run with Malwarebytes.

Step 1 - AdwCleaner
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • Click the Scan button and wait for the program to finish.
  • Click on options - untick Reset proxy settings and Reset winsock settings.
  • Tick Reset Internet Explorer policies and Reset Chrome policies.
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step 2 - Malwarebytes
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the green Scan Now button.
  • If threats are detected click on Apply actions, the program will ask to reboot the machine.
  • Click Yes.
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
  • Copy and Paste the contents of the log in your next reply.


    Things for your next post:
  • AdwCleaner[C*].txt
  • MBAM log
  • How is your computer running now?

    thanks.


#6
WyffGoaL

    Member

  • Topic Starter
  • 57 posts

Hi Bruce1270,

I've done all the things, but hao123.com is still showing as the homepage for all the existing browsers. Please find all the details of the logs below:

 

 

 

# AdwCleaner v5.015 - Logfile created 27/10/2015 at 14:26:25
# Updated 26/10/2015 by Xplode
# Database : 2015-10-26.2 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Celine - CELINE-PC
# Running from : C:\Users\Celine\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Chrome policies deleted
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1895 bytes] ##########
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/27/2015
Scan Time: 2:30 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.27.01
Rootkit Database: v2015.10.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Celine
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313734
Time Elapsed: 6 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, Quarantined, [fbf27fdc4447310529895878956d49b7], 
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder, Quarantined, [f7f69ebd0d7eb08606ac07c947bb50b0], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0
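
The AdwCleaner scan log in post #4 and the cleaning log in post #6 can be cross-checked line by line. The Python below is an added example, not part of the thread or of AdwCleaner: it parses the Shortcuts sections copied from those two logs, summarises what was appended to the shortcuts, and confirms that every flagged shortcut was also reported disinfected. The function names are illustrative.

```python
import ntpath
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Shortcuts sections copied from the thread's AdwCleaner logs (scan S2, cleaning C2).
SCAN_LOG = r"""
Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
Shortcut Infected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.hao123.com/?tn=99488468_hao_pg )
"""
CLEAN_LOG = r"""
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Celine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
"""

INFECTED = re.compile(
    r"^Shortcut Infected : (?P<path>.+?\.lnk) \( (?P<url>\S+) \)[ \t]*$", re.M)
CLEANED = re.compile(r"^\[-\] Shortcut Disinfected : (?P<path>.+?\.lnk)[ \t]*$", re.M)


def parse_scan(log):
    """Map each flagged shortcut to the (defanged) URL appended to its target."""
    return {m["path"]: m["url"] for m in INFECTED.finditer(log)}


def parse_clean(log):
    """Return the set of shortcuts the cleaning run reported as disinfected."""
    return {m["path"] for m in CLEANED.finditer(log)}


def scope(path):
    """all-users locations affect every account; the rest belong to one profile."""
    p = ntpath.normcase(path)
    shared = ("c:\\users\\public\\", "c:\\programdata\\")
    return "all-users" if p.startswith(shared) else "per-user"


def location(path):
    p = ntpath.normcase(path)
    if "\\user pinned\\taskbar\\" in p:
        return "taskbar pin"
    if "\\start menu\\" in p:
        return "start menu"
    return "desktop" if "\\desktop\\" in p else "other"


def summarize(scan):
    """Count hosts, tn= tags, scopes and locations across the flagged shortcuts."""
    hosts, tags, scopes, places, browsers = Counter(), Counter(), Counter(), Counter(), set()
    for path, url in scan.items():
        parts = urlsplit(url)  # the hxxp scheme parses like any other; no refanging needed
        hosts[parts.hostname] += 1
        for tag in parse_qs(parts.query).get("tn", []):
            tags[tag] += 1
        scopes[scope(path)] += 1
        places[location(path)] += 1
        browsers.add(ntpath.splitext(ntpath.basename(path))[0])
    return {"hosts": dict(hosts), "tn_tags": dict(tags), "scopes": dict(scopes),
            "locations": dict(places), "browsers": sorted(browsers)}


def reconcile(scan, cleaned):
    """Compare scan and cleaning results; Windows paths match case-insensitively."""
    scan_keys = {ntpath.normcase(p) for p in scan}
    clean_keys = {ntpath.normcase(p) for p in cleaned}
    return {
        "still_flagged": sorted(p for p in scan if ntpath.normcase(p) not in clean_keys),
        "cleaned_not_in_scan": sorted(p for p in cleaned if ntpath.normcase(p) not in scan_keys),
    }


if __name__ == "__main__":
    flagged = parse_scan(SCAN_LOG)
    print(summarize(flagged))
    print(reconcile(flagged, parse_clean(CLEAN_LOG)))
```

With both lists empty, every shortcut AdwCleaner flagged was also reported cleaned, so the shortcut targets themselves are accounted for.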

#7
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi WyffgoaL

 

I've done all the things, but hao123.com is still showing as the homepage for all the existing browsers


OK. Please run a fresh set of FRST logs and we'll see what's still there.
  • Please run Farbar Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


#8
WyffGoaL

    Member

  • Topic Starter
  • 57 posts

Hi Bruce1270,

Please find all the log details as below.


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Celine (administrator) on CELINE-PC (28-10-2015 22:36:44)
Running from C:\Users\Celine\Desktop
Loaded Profiles: Celine (Available Profiles: Celine)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\ProgramData\livefixmy\livefixmy.exe
() C:\ProgramData\livefixmy\livefixmy.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11324368 2015-10-07] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-24] (VIA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-17] (Piriform Ltd)
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll [2014-11-18] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.85.(852).dll [2015-07-13] (深圳市迅雷网络技术有限公司)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{6AC48AB3-81D6-4E3C-9491-E605A0703328}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Celine\AppData\Roaming\Mozilla\Firefox\Profiles\t0o8zt3e.default
FF Homepage: hxxp://www.google.com
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-23] (Google Inc.)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npKKDapCtrl.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-23] [not signed]
FF HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager extension - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-10-23]
FF HKU\S-1-5-21-3295371147-2942387223-962318981-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Celine\AppData\Roaming\Mozilla\Firefox\Profiles\t0o8zt3e.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-23]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2015-10-24]
CHR Extension: (Google Docs) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-23]
CHR Extension: (Google Drive) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-23]
CHR Extension: (Google Search) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
CHR Extension: (Google Sheets) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
CHR Extension: (Gmail) - C:\Users\Celine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-23]
CHR HKLM-x32\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 livefixmy; C:\ProgramData\livefixmy\livefixmy.exe [66712 2015-10-14] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1779664 2015-10-07] (Micro-Star INT'L CO., LTD.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R2 XLWFP; C:\Windows\System32\drivers\xlwfp.sys [56080 2015-08-31] (深圳市迅雷网络技术有限公司)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-27 14:46 - 2015-10-27 14:46 - 00001211 _____ C:\Users\Celine\Desktop\MBAM.txt
2015-10-27 14:24 - 2015-10-27 14:24 - 01694208 _____ C:\Users\Celine\Desktop\adwcleaner_5.015.exe
2015-10-26 22:56 - 2015-10-27 14:26 - 00000000 ____D C:\AdwCleaner
2015-10-26 22:52 - 2015-10-26 22:52 - 00000000 ____D C:\Users\Celine\Desktop\FRST-OlderVersion
2015-10-24 18:09 - 2015-10-24 18:09 - 00039210 ____N C:\Users\Celine\Desktop\Addition.txt
2015-10-24 18:08 - 2015-10-28 22:37 - 00012286 _____ C:\Users\Celine\Desktop\FRST.txt
2015-10-24 18:08 - 2015-10-28 22:36 - 00000000 ____D C:\FRST
2015-10-24 18:07 - 2015-10-26 22:52 - 02197504 _____ (Farbar) C:\Users\Celine\Desktop\FRST64.exe
2015-10-24 17:44 - 2015-10-24 17:44 - 00002524 ____N C:\Users\Celine\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-10-24 17:44 - 2015-10-24 17:44 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-10-24 17:44 - 2015-10-24 17:44 - 00000000 ____D C:\Users\Celine\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-10-24 17:30 - 2015-10-24 17:30 - 00003146 _____ C:\Windows\System32\Tasks\{1ACFF802-8F1C-48BE-A7BF-509DF2813229}
2015-10-24 17:26 - 2015-10-26 22:50 - 00000000 ____D C:\Program Files (x86)\Thunder Network
2015-10-24 17:25 - 2015-10-28 22:35 - 00000560 _____ C:\Windows\setupact.log
2015-10-24 17:25 - 2015-10-27 18:21 - 00021976 _____ C:\Windows\PFRO.log
2015-10-24 17:25 - 2015-10-24 17:25 - 00000000 _____ C:\Windows\setuperr.log
2015-10-24 17:20 - 2015-10-24 17:20 - 00003136 _____ C:\Windows\System32\Tasks\{1B79DEE9-C1C2-4C01-848F-06D2D401B556}
2015-10-24 16:07 - 2015-10-24 16:29 - 00000000 ____D C:\ProgramData\Thunder Network
2015-10-24 15:01 - 2015-10-24 15:01 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-10-24 14:55 - 2015-10-24 14:55 - 00000000 ____D C:\Users\Celine\AppData\Local\Bluestacks
2015-10-24 14:43 - 2015-10-28 22:36 - 00000000 ____D C:\Users\Public\livefixmy
2015-10-24 14:42 - 2015-10-28 22:36 - 00000000 ____D C:\ProgramData\livefixmy
2015-10-24 14:42 - 2015-10-24 14:42 - 00000020 _____ C:\Windows\system32\pub_store.dat
2015-10-24 14:42 - 2015-10-24 14:42 - 00000000 ____D C:\Users\Public\mycalendar
2015-10-24 14:42 - 2015-10-24 14:42 - 00000000 ____D C:\Program Files\Common Files\Thunder Network
2015-10-24 14:42 - 2014-06-17 15:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00080264 _____ (深圳市迅雷技术有限公司) C:\Windows\xinstaller.1.3.0.22.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00080264 _____ (深圳市迅雷技术有限公司) C:\Windows\SysWOW64\xinstaller.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00035208 _____ (深圳市迅雷技术有限公司) C:\Windows\xinstaller.1.3.0.22.exe
2015-10-24 14:42 - 2014-06-17 15:33 - 00035208 _____ (深圳市迅雷技术有限公司) C:\Windows\SysWOW64\xInstaller.exe
2015-10-24 14:39 - 2015-10-24 14:39 - 00000000 ____D C:\Users\Celine\AppData\Roaming\ѸÀ×ÓÎÏ·
2015-10-24 14:35 - 2015-10-24 17:26 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2015-10-24 14:35 - 2015-10-24 17:26 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2015-10-24 14:35 - 2015-10-24 17:26 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2015-10-24 14:35 - 2015-10-24 17:26 - 00001857 _____ C:\Windows\system32\Microsoft.VC90.CRT.manifest
2015-10-24 14:35 - 2015-10-24 17:26 - 00000466 _____ C:\Windows\system32\Microsoft.VC90.ATL.manifest
2015-10-24 14:34 - 2015-10-26 22:50 - 00000000 ____D C:\Users\Public\Thunder Network
2015-10-24 14:34 - 2015-10-24 17:27 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Thunder Network
2015-10-24 14:34 - 2015-10-24 14:34 - 00000020 _____ C:\Windows\SysWOW64\pub_store.dat
2015-10-24 14:21 - 2015-10-24 14:21 - 04079944 _____ (Google Inc.) C:\Windows\system32\GooglePinyin2.ime
2015-10-24 14:21 - 2015-10-24 14:21 - 03495240 _____ (Google Inc.) C:\Windows\SysWOW64\GooglePinyin2.ime
2015-10-24 14:21 - 2015-10-24 14:21 - 00003102 _____ C:\Windows\System32\Tasks\Google Pinyin Daemon
2015-10-24 14:21 - 2015-10-24 14:21 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Google
2015-10-24 14:21 - 2015-10-24 14:21 - 00000000 ____D C:\ProgramData\Google
2015-10-24 11:55 - 2015-10-23 22:37 - 00000000 ____D C:\Windows\Panther
2015-10-24 10:59 - 2015-10-24 10:59 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-24 10:59 - 2015-10-24 10:59 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-24 10:57 - 2015-10-24 10:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-10-23 22:37 - 2015-10-27 14:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-23 22:35 - 2015-10-23 22:35 - 00001075 ____N C:\Users\Celine\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-23 22:26 - 2015-10-23 22:26 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-23 22:26 - 2015-10-23 22:26 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-10-23 22:26 - 2015-10-23 22:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-23 22:26 - 2015-10-23 22:26 - 00000000 ____D C:\Program Files\Adobe
2015-10-23 22:25 - 2015-10-23 22:25 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-10-23 22:25 - 2015-10-23 22:25 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-10-23 22:23 - 2015-10-23 22:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-23 22:22 - 2015-10-23 22:22 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Macromedia
2015-10-23 22:13 - 2015-10-23 22:13 - 00002951 ____N C:\Users\Celine\Desktop\Microsoft Excel 2010.lnk
2015-10-23 22:04 - 2015-10-23 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-23 22:04 - 2015-10-23 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-23 22:04 - 2015-10-23 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Windows\PCHEALTH
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-10-23 22:03 - 2015-10-23 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-10-23 22:02 - 2015-10-23 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-23 22:02 - 2015-10-23 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Users\Celine\AppData\Local\Microsoft Help
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-10-23 22:02 - 2015-10-23 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-10-23 22:01 - 2015-10-23 22:01 - 00000000 __RHD C:\MSOCache
2015-10-23 21:58 - 2015-10-23 21:58 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-23 21:58 - 2015-10-23 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-23 21:58 - 2015-10-23 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-23 21:58 - 2015-10-23 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-23 21:58 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-23 21:58 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-23 21:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-23 21:47 - 2015-10-23 21:47 - 00000000 ____D C:\ProgramData\WEBREG
2015-10-23 21:46 - 2015-10-23 21:47 - 00000000 ____D C:\Users\Celine\AppData\Roaming\HP
2015-10-23 21:45 - 2015-10-24 15:54 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Yahoo!
2015-10-23 21:45 - 2015-10-23 21:50 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-23 21:44 - 2015-10-23 21:44 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-10-23 21:44 - 2015-10-23 21:44 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-10-23 21:44 - 2015-10-23 21:44 - 00000000 ____D C:\Users\Celine\AppData\Roaming\HpUpdate
2015-10-23 21:44 - 2015-10-23 21:44 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-10-23 21:42 - 2015-10-23 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-23 21:42 - 2015-10-23 21:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-23 21:41 - 2015-10-23 21:50 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-23 21:41 - 2008-12-16 18:18 - 00145408 _____ (Hewlett-Packard Company) C:\Windows\system32\hpfll6en.dll
2015-10-23 21:40 - 2015-10-23 21:50 - 00003901 _____ C:\ProgramData\hpzinstall.log
2015-10-23 21:40 - 2015-10-23 21:46 - 00171880 _____ C:\Windows\hphins32.dat
2015-10-23 21:40 - 2015-10-23 21:46 - 00000000 ____D C:\ProgramData\HP
2015-10-23 21:40 - 2010-02-13 10:59 - 00000558 ____N C:\Windows\hphmdl32.dat
2015-10-23 21:40 - 2008-10-30 16:46 - 00362328 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2015-10-23 21:36 - 2015-10-24 17:46 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Free Download Manager
2015-10-23 21:36 - 2015-10-23 21:36 - 00001067 ____N C:\Users\Celine\Desktop\Free Download Manager.lnk
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\Users\Celine\AppData\Roaming\FreeDownloadManager.ORG
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\ProgramData\FreeDownloadManager.ORG
2015-10-23 21:36 - 2015-10-23 21:36 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2015-10-23 21:32 - 2015-10-23 21:32 - 00000000 ____D C:\Users\Celine\AppData\Local\CEF
2015-10-23 21:31 - 2015-10-23 22:35 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Adobe
2015-10-23 21:31 - 2015-10-23 21:31 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Adobe
2015-10-23 21:30 - 2015-10-23 21:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-23 21:30 - 2015-10-23 21:30 - 00000000 _____ C:\Users\Celine\Sti_Trace.log
2015-10-23 21:29 - 2015-10-23 21:30 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Canon
2015-10-23 21:29 - 2015-10-23 21:29 - 00002095 _____ C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\Windows\system32\vbox
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-23 21:29 - 2015-10-23 21:29 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-23 21:28 - 2015-10-23 21:28 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-10-23 21:28 - 2015-10-23 21:28 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-23 21:28 - 2015-10-23 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 100
2015-10-23 21:28 - 2009-04-02 18:12 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNQ2413C.DLL
2015-10-23 21:28 - 2009-04-02 18:12 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNQ2413I.DLL
2015-10-23 21:28 - 2008-05-02 09:14 - 00677888 _____ (CANON INC.) C:\Windows\system32\CNQ2413L.DLL
2015-10-23 21:28 - 2007-03-15 14:13 - 00229888 _____ (Canon Inc.) C:\Windows\system32\CNQ2413O.DLL
2015-10-23 21:26 - 2015-10-24 16:49 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-23 21:25 - 2015-10-23 21:25 - 00016154 _____ C:\Windows\system32\results.xml
2015-10-23 21:24 - 2015-10-23 21:24 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2015-10-23 21:24 - 2015-10-23 21:24 - 00001202 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2015-10-23 21:23 - 2015-10-23 21:24 - 00000000 ____D C:\Program Files (x86)\VIA
2015-10-23 21:23 - 2011-06-14 21:42 - 02159728 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-10-23 21:23 - 2011-06-14 21:42 - 01161328 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00994928 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00559216 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00248944 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00202864 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00116848 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00091760 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00087152 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-10-23 21:23 - 2011-06-14 21:42 - 00027760 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-10-23 21:23 - 2011-06-08 18:19 - 00085504 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-10-23 21:23 - 2011-06-08 18:19 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-10-23 21:23 - 2007-04-11 15:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2015-10-23 21:22 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-10-23 21:22 - 2012-05-15 07:13 - 00020992 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-10-23 21:22 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-10-23 21:22 - 2012-05-15 06:20 - 00017920 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-10-23 21:21 - 2015-10-23 21:21 - 00003176 _____ C:\Windows\System32\Tasks\{DDEC1C91-C263-456B-A889-7B678674BE92}
2015-10-23 21:21 - 2012-10-06 05:07 - 00509248 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-10-23 21:21 - 2012-10-06 05:07 - 00276288 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-10-23 21:21 - 2012-10-06 05:07 - 00170304 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 05902656 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00441152 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00398656 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00251712 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-10-23 21:21 - 2012-10-06 05:06 - 00184640 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-10-23 21:21 - 2012-09-29 02:51 - 12887040 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 12836864 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 12604416 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 11158528 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 11040256 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 10673664 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 05343584 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-10-23 21:21 - 2012-09-29 02:51 - 04571136 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 03776512 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 01981696 _____ C:\Windows\system32\iglhxa64.cpa
2015-10-23 21:21 - 2012-09-29 02:51 - 00963452 _____ C:\Windows\SysWOW64\igcodeckrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00963452 _____ C:\Windows\system32\igcodeckrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00604160 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00524800 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00519680 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00501760 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00482304 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00448512 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00441856 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00386048 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00330240 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-10-23 21:21 - 2012-09-29 02:51 - 00272928 _____ C:\Windows\SysWOW64\igvpkrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00272928 _____ C:\Windows\system32\igvpkrng600.bin
2015-10-23 21:21 - 2012-09-29 02:51 - 00223233 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00216064 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00209727 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00193862 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00180224 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00173568 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00165865 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00163120 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00158727 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00149390 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00147759 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00147101 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00147010 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00145715 _____ C:\Windows\system32\Gfxres.ro-RO.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00145211 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00144378 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00143976 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00143730 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00143657 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142990 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142617 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142423 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00142008 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00141739 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00141574 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00140779 _____ C:\Windows\system32\Gfxres.hr-HR.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00137621 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00137534 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00136873 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00132360 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-10-23 21:21 - 2012-09-29 02:51 - 00126035 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00124403 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-10-23 21:21 - 2012-09-29 02:51 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2867.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00080384 _____ C:\Windows\system32\igdde64.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00064512 _____ C:\Windows\SysWOW64\igdde32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00063488 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00059425 _____ C:\Windows\system32\iglhxo64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00059398 _____ C:\Windows\system32\iglhxg64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00059230 _____ C:\Windows\system32\iglhxc64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00059104 _____ C:\Windows\system32\iglhxc64_dev.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00058796 _____ C:\Windows\system32\iglhxg64_dev.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00058109 _____ C:\Windows\system32\iglhxo64_dev.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00017058 _____ C:\Windows\system32\iglhxs64.vp
2015-10-23 21:21 - 2012-09-29 02:51 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-10-23 21:21 - 2012-09-29 02:51 - 00001074 _____ C:\Windows\system32\iglhxa64.vp
2015-10-23 21:19 - 2015-10-23 21:19 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2015-10-23 21:19 - 2013-07-18 13:54 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2015-10-23 21:17 - 2015-10-23 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-10-23 21:17 - 2015-10-23 21:17 - 00000000 ____D C:\Program Files (x86)\MSI
2015-10-23 21:17 - 2015-10-20 14:58 - 00000000 ____D C:\Windows\SysWOW64\LiveUpdate
2015-10-23 21:15 - 2015-10-23 21:22 - 00000000 ____D C:\Intel
2015-10-23 21:15 - 2012-07-04 10:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-10-23 21:14 - 2015-10-23 21:14 - 00003180 _____ C:\Windows\System32\Tasks\{5AC9EAA8-BA76-4D32-8CAA-9641FE2CDF55}
2015-10-23 21:08 - 2015-10-27 18:26 - 00015122 _____ C:\Windows\SysWOW64\Gms.log
2015-10-23 21:08 - 2015-10-23 21:17 - 00001959 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2015-10-23 21:08 - 2015-10-23 21:17 - 00000000 ____D C:\MSI
2015-10-23 21:08 - 2014-04-30 16:23 - 00011248 _____ (Windows ® Win 7 DDK provider) C:\Windows\acpimof.dll
2015-10-23 21:05 - 2015-10-23 21:05 - 00000000 ____D C:\Users\Celine\Tracing
2015-10-23 21:04 - 2015-10-23 21:07 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ____D C:\Users\Celine\AppData\Local\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ____D C:\ProgramData\Skype
2015-10-23 21:04 - 2015-10-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-23 20:59 - 2015-10-23 20:59 - 00771962 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-23 20:51 - 2015-10-27 14:38 - 00001075 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-23 20:51 - 2015-10-27 14:38 - 00001063 ____R C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-23 20:51 - 2015-10-23 22:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-23 20:51 - 2015-10-23 21:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-23 20:51 - 2015-10-23 20:52 - 00000000 ____D C:\Users\Celine\AppData\Roaming\Mozilla
2015-10-23 20:51 - 2015-10-23 20:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-23 20:51 - 2015-10-23 20:51 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-23 20:51 - 2015-10-23 20:51 - 00000000 ____D C:\Users\Celine\AppData\Local\Mozilla
2015-10-23 20:51 - 2015-10-23 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-23 20:51 - 2015-10-23 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-23 20:50 - 2015-10-23 22:27 - 00000000 ____D C:\ProgramData\Adobe
2015-10-23 20:49 - 2015-10-24 14:14 - 00000000 ____D C:\Users\Celine\AppData\Local\Adobe
2015-10-23 20:49 - 2015-10-23 20:49 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-23 20:49 - 2015-10-23 20:49 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-23 20:49 - 2015-10-23 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-23 20:49 - 2015-10-23 20:49 - 00000000 ____D C:\Program Files\CCleaner
2015-10-23 20:48 - 2009-11-26 03:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-10-23 20:48 - 2009-11-26 03:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-10-23 20:48 - 2009-11-26 03:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-10-23 20:48 - 2009-11-26 03:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-10-23 20:44 - 2015-10-23 21:22 - 00000000 ____D C:\ProgramData\Intel
2015-10-23 20:44 - 2015-10-23 21:22 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-23 20:44 - 2015-10-23 20:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-10-23 20:44 - 2015-10-23 20:44 - 00000000 ____D C:\Program Files\Intel
2015-10-23 20:42 - 2012-07-26 12:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-10-23 20:42 - 2012-07-26 12:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-10-23 20:42 - 2012-07-26 10:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-10-23 20:42 - 2012-06-02 22:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-10-23 20:36 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-10-23 20:30 - 2015-10-28 22:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-23 20:30 - 2015-10-27 18:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-23 20:30 - 2015-10-27 14:38 - 00001260 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 20:30 - 2015-10-24 14:21 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-23 20:30 - 2015-10-23 20:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-23 20:30 - 2015-10-23 20:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-23 20:30 - 2015-10-23 20:30 - 00000000 ____D C:\Users\Celine\AppData\Local\Google
2015-10-23 20:30 - 2015-10-23 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-23 20:29 - 2015-10-24 14:44 - 00109616 _____ C:\Users\Celine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-23 20:29 - 2015-10-23 20:30 - 00000000 ____D C:\Users\Celine\AppData\Local\Deployment
2015-10-23 20:29 - 2015-10-23 20:29 - 00000000 ____D C:\Users\Celine\AppData\Local\Apps\2.0
2015-10-23 20:26 - 2015-10-23 20:26 - 00000000 ____D C:\ProgramData\Dell
2015-10-23 20:25 - 2015-10-23 21:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-23 20:25 - 2015-10-23 20:25 - 00000000 ____D C:\ProgramData\TP-LINK
2015-10-23 20:25 - 2015-10-23 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-10-23 20:25 - 2011-05-03 22:13 - 00008820 _____ C:\Windows\system32\athurextx.cat
2015-10-23 20:25 - 2011-04-20 03:07 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
2015-10-23 20:25 - 2011-04-20 03:07 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2015-10-23 20:20 - 2015-10-27 18:26 - 00113146 _____ C:\Windows\WindowsUpdate.log
2015-10-23 20:18 - 2015-10-27 14:38 - 00001114 ____R C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-23 20:18 - 2015-10-27 14:38 - 00001114 ____R C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-10-23 20:18 - 2015-10-24 14:44 - 00000000 ____D C:\Users\Celine\AppData\Local\VirtualStore
2015-10-23 20:17 - 2015-10-23 21:30 - 00000000 ____D C:\Users\Celine
2015-10-23 20:17 - 2015-10-23 20:17 - 00000020 ___SH C:\Users\Celine\ntuser.ini
2015-10-23 20:17 - 2015-10-23 20:17 - 00000000 __SHD C:\Recovery
2015-10-23 20:17 - 2009-07-14 12:54 - 00000000 ___RD C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-23 20:17 - 2009-07-14 12:49 - 00000000 ___RD C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-28 22:35 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-27 18:26 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-27 18:26 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-27 18:25 - 2009-07-14 13:13 - 00780070 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-27 14:42 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-24 16:44 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Speech
2015-10-24 15:56 - 2009-07-14 12:45 - 05034320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-24 11:55 - 2009-07-14 13:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-10-24 11:55 - 2009-07-14 13:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-10-24 10:59 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-24 10:59 - 2009-07-14 11:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-24 10:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-10-24 10:56 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\CSC
2015-10-23 23:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-10-23 22:24 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-23 22:04 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\ShellNew
2015-10-23 22:04 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-23 22:02 - 2009-07-14 10:34 - 00000478 _____ C:\Windows\win.ini
2015-10-23 21:29 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2015-10-23 20:43 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-23 20:27 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-23 20:25 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\system32\restore
 
==================== Files in the root of some directories =======
 
2015-10-23 21:40 - 2015-10-23 21:50 - 0003901 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Celine\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-23 23:24
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Celine (2015-10-28 22:37:16)
Running from C:\Users\Celine\Desktop
Windows 7 Ultimate (X64) (2015-10-23 12:17:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3295371147-2942387223-962318981-500 - Administrator - Disabled)
Celine (S-1-5-21-3295371147-2942387223-962318981-1000 - Administrator - Enabled) => C:\Users\Celine
Guest (S-1-5-21-3295371147-2942387223-962318981-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3295371147-2942387223-962318981-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
CanoScan LiDE 100 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D2600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
DJ_SF_05_D2600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Deskjet D2600 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{7B8E0D63-C8FB-4F04-8B3A-029C4707693A}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.009 - MSI)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TL-WN822N/TL-WN821N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
23-10-2015 22:01:44 Installed Microsoft Office Professional Plus 2010
24-10-2015 15:59:26 JRT Pre-Junkware Removal
24-10-2015 16:48:26 avast! antivirus system restore point
24-10-2015 17:44:13 Installed Windows 7 USB/DVD Download Tool
26-10-2015 22:52:31 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-10-26 22:52 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {266CC5F8-7EC4-4814-ADC7-43D2D274219A} - System32\Tasks\{5AC9EAA8-BA76-4D32-8CAA-9641FE2CDF55} => pcalua.exe -a C:\MSI\LiveUpdate\DL_FILE\Atheros_Network_Drivers_2.1.0.21.exe -d C:\MSI\LiveUpdate\DL_FILE
Task: {3012EB38-F0DC-40B1-9F07-1DF46DF88D9E} - System32\Tasks\{DDEC1C91-C263-456B-A889-7B678674BE92} => pcalua.exe -a C:\MSI\LiveUpdate\DL_FILE\Intel_SVGA_Driver_9.17.10.2867.exe -d C:\MSI\LiveUpdate\DL_FILE
Task: {364BB97C-5A9D-4B1C-8C77-CDF35874451F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-15] (Adobe Systems Incorporated)
Task: {53E95992-E9EE-4E70-BF97-24BDB7BF05CA} - System32\Tasks\{1B79DEE9-C1C2-4C01-848F-06D2D401B556} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {743F73A2-2F2F-47AE-A06E-3B8DAED8843E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {7C2E3E48-1D12-4C8B-A869-309EE4381849} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {B225D83B-3BF5-4135-8059-F2DA53489FB3} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-10-24] (Google Inc.)
Task: {CA25AB35-9A1D-4D6D-965E-2E43E3EBE2DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {DE628DA5-613E-4ED9-BC3B-4753755CF5A2} - System32\Tasks\{1ACFF802-8F1C-48BE-A7BF-509DF2813229} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Uninstall.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-24 14:43 - 2015-10-14 18:44 - 00066712 _____ () C:\ProgramData\livefixmy\livefixmy.exe
2015-10-24 14:21 - 2015-10-24 14:21 - 00921416 _____ () C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
2015-10-23 21:21 - 2012-09-29 02:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-24 14:43 - 2015-10-14 18:44 - 00184472 _____ () C:\ProgramData\livefixmy\livefixmy.dll
2015-10-23 21:17 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-09-04 20:34 - 2015-09-04 20:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/26/2015 10:52:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7221efc6-918b-40d8-ae85-28db6f597ca4}
 
Error: (10/24/2015 05:32:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 1.0.0.161 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 620
 
Start Time: 01d10e3ea8de0f37
 
Termination Time: 0
 
Application Path: C:\Users\Celine\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id:
 
Error: (10/24/2015 05:30:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 1.0.0.161 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 102c
 
Start Time: 01d10e3e42126665
 
Termination Time: 0
 
Application Path: C:\Users\Celine\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id:
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (10/24/2015 05:26:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI_LiveUpdate_Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The livefixmy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/27/2015 02:26:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/26/2015 10:55:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 26%
Total physical RAM: 3986.91 MB
Available physical RAM: 2911.74 MB
Total Virtual: 7971.97 MB
Available Virtual: 6851.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:244.04 GB) (Free:216.43 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:684.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EED3A8DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#9
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi WyffgoaL

Please run this latest FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt to your desktop. (Attached file: fixlist.txt, 4.28KB)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it and selecting Run as Administrator, then press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Once it is completed and machine has rebooted please let me know how your computer is running now.


#10
WyffGoaL


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Hi Bruce1270,

Hao123.com is still showing on the homepage for all browsers, log details are as below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Celine (2015-10-29 06:59:45) Run:2
Running from C:\Users\Celine\Desktop
Loaded Profiles: Celine (Available Profiles: Celine)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll [2014-11-18] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.85.(852).dll [2015-07-13] (深圳市迅雷网络技术有限公司)
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
FF Homepage: hxxp://www.google.com
FF Extension: No Name - C:\Users\Celine\AppData\Roaming\Mozilla\Firefox\Profiles\t0o8zt3e.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [not found]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
R2 XLWFP; C:\Windows\System32\drivers\xlwfp.sys [56080 2015-08-31] (深圳市迅雷网络技术有限公司)
2015-10-24 17:26 - 2015-10-26 22:50 - 00000000 ____D C:\Program Files (x86)\Thunder Network
2015-10-24 14:34 - 2015-10-26 22:50 - 00000000 ____D C:\Users\Public\Thunder Network
2015-10-24 14:34 - 2015-10-24 17:27 - 00000000 ____D C:\Users\Celine\AppData\LocalLow\Thunder Network
2015-10-24 14:42 - 2014-06-17 15:33 - 00080264 _____ (深圳市迅雷技术有限公司) C:\Windows\xinstaller.1.3.0.22.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00080264 _____ (深圳市迅雷技术有限公司) C:\Windows\SysWOW64\xinstaller.dll
2015-10-24 14:42 - 2014-06-17 15:33 - 00035208 _____ (深圳市迅雷技术有限公司) C:\Windows\xinstaller.1.3.0.22.exe
2015-10-24 14:42 - 2014-06-17 15:33 - 00035208 _____ (深圳市迅雷技术有限公司) C:\Windows\SysWOW64\xInstaller.exe
2015-10-24 14:42 - 2015-10-24 14:42 - 00000000 ____D C:\Program Files\Common Files\Thunder Network
Task: {53E95992-E9EE-4E70-BF97-24BDB7BF05CA} - System32\Tasks\{1B79DEE9-C1C2-4C01-848F-06D2D401B556} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {DE628DA5-613E-4ED9-BC3B-4753755CF5A2} - System32\Tasks\{1ACFF802-8F1C-48BE-A7BF-509DF2813229} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Uninstall.exe"
C:\Program Files (x86)\Common Files\Thunder Network
EmptyTemp: 
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.XLKKDesktopIcon" => key removed successfully
"HKCR\CLSID\{4DB0021B-1EC2-4C31-BD79-FEA2892EEB43}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => key removed successfully
"HKCR\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}" => key removed successfully
HKU\S-1-5-21-3295371147-2942387223-962318981-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
Firefox "homepage" removed successfully
C:\Users\Celine\AppData\Roaming\Mozilla\Firefox\Profiles\t0o8zt3e.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} => path removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
XLWFP => Service stopped successfully.
XLWFP => service removed successfully
C:\Program Files (x86)\Thunder Network => moved successfully
C:\Users\Public\Thunder Network => moved successfully
C:\Users\Celine\AppData\LocalLow\Thunder Network => moved successfully
C:\Windows\xinstaller.1.3.0.22.dll => moved successfully
C:\Windows\SysWOW64\xinstaller.dll => moved successfully
C:\Windows\xinstaller.1.3.0.22.exe => moved successfully
C:\Windows\SysWOW64\xInstaller.exe => moved successfully
C:\Program Files\Common Files\Thunder Network => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53E95992-E9EE-4E70-BF97-24BDB7BF05CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53E95992-E9EE-4E70-BF97-24BDB7BF05CA}" => key removed successfully
C:\Windows\System32\Tasks\{1B79DEE9-C1C2-4C01-848F-06D2D401B556} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B79DEE9-C1C2-4C01-848F-06D2D401B556}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE628DA5-613E-4ED9-BC3B-4753755CF5A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE628DA5-613E-4ED9-BC3B-4753755CF5A2}" => key removed successfully
C:\Windows\System32\Tasks\{1ACFF802-8F1C-48BE-A7BF-509DF2813229} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1ACFF802-8F1C-48BE-A7BF-509DF2813229}" => key removed successfully
C:\Program Files (x86)\Common Files\Thunder Network => moved successfully
EmptyTemp: => 185.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 07:00:03 ====



#11
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi WyffgoaL

Let's try to reset all your browsers to see if this fixes the issue.
  • Please see this guide on how to reset your web browsers.
  • Please follow the instructions for Chrome, Firefox and Internet Explorer.

Once complete, please let me know how your computer is running and if the redirects are still there?

Thanks.


#12
WyffGoaL


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Hi Bruce1270,

I've done the resetting for all existing browsers before; it won't help, as the "target" shortcut is always set as hao123.com. I'm not sure why it couldn't be removed at all. The tools that you asked me to use say the target shortcuts have been fixed, but they are not fixed at all.

It's getting quite frustrating now. Please refer to the link below for the actual image:

 

http://screencast.com/t/1JegHiXnvI

 

 

Thanks once again.
 


  • 0
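The symptom described in post #12 (browser shortcuts whose "target" keeps pointing at hao123.com) can be checked with a read-only listing of shortcut targets and arguments. This is an added example, not something posted by the helpers in this thread; the folder list, the browser executable names and the URL pattern are assumptions, and the script only reports, it does not change any shortcut.

```powershell
# Added example (not from the thread): list browser shortcuts that carry a URL.
# Read-only: nothing is modified. Written for the PowerShell 2.0 that ships with Windows 7.

# Assumed browser executables, matching the three browsers named in the thread.
$browserExes  = @('chrome.exe', 'firefox.exe', 'iexplore.exe')
# Assumed shortcut-name pattern for those browsers.
$browserNames = '(?i)chrome|firefox|internet explorer'
# Heuristic for a URL or bare domain inside the shortcut arguments.
$urlPattern   = '(?i)(https?://|www\.)\S+|\b([a-z0-9-]+\.)+[a-z]{2,6}(/\S*)?'

# Folders where the shortcuts a user clicks usually live
# (desktop, Start menu, Quick Launch and pinned taskbar items).
$searchRoots = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
) | Where-Object { Test-Path -LiteralPath $_ }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk opens it; Save() is never called here.
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }   # shortcuts without a file target are skipped

            $targetExe        = (Split-Path -Leaf $lnk.TargetPath).ToLower()
            $isBrowserTarget  = $browserExes -contains $targetExe
            $looksLikeBrowser = $_.BaseName -match $browserNames

            $reason = $null
            if ($isBrowserTarget -and $lnk.Arguments -match $urlPattern) {
                # A clean browser shortcut normally has no URL after the executable.
                $reason = "URL in arguments: $($Matches[0])"
            }
            elseif ($looksLikeBrowser -and -not $isBrowserTarget) {
                # Heuristic only: uninstallers and helper tools also match, so review by hand.
                $reason = "browser-named shortcut points at $targetExe"
            }

            if ($reason) {
                New-Object PSObject -Property @{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Modified  = $_.LastWriteTime
                    Reason    = $reason
                }
            }
        }
}

if ($findings) {
    $findings | Select-Object Shortcut, Target, Arguments, Modified, Reason | Format-List
} else {
    'No browser shortcut with an appended URL was found in the scanned folders.'
}
```

Running it again after a fix or a reboot shows whether the same shortcuts have been rewritten, using the Modified column.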

#13
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi WyffGoal

Just to clarify, do Internet Explorer and Firefox still have the same issue in terms of the shortcuts, or is it only Chrome?

#14
WyffGoaL


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Hi Bruce,

It's all of them.

Thanks once again.



#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi WyffgoaL

OK, Let's try to uninstall the browsers to see if this gets rid of it.

Step 1 - Uninstall Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
5. Close all Chrome windows and tabs.
6. Go to the Start menu > Control Panel.
7. Click Uninstall a Program or Programmes and Features
8. Double-click Google Chrome.
9. Click Uninstall from the confirmation dialogue. Select the "Also delete your browsing data" tick box.
10. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
11. Import your bookmarks back into Chrome
12. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


Step 2 - Uninstall Firefox
  • To uninstall Firefox follow the steps in this guide.
  • If you wish to reinstall Firefox then download the latest version from Mozilla.org


Step 3 - Upgrade Internet Explorer

Your Internet Explorer is out of date. Please download and install the latest version for Windows 7 from here


Once you have followed these steps let me know how your computer is running now.






