Suspicious Activity under Internet Explorer



#1
Peter Lee


I'm using Windows 8.1 Pro. I never use Internet Explorer. I found suspicious activity under Internet Explorer. Under History, many URLs were found.




#2
RKinner

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    Peter Lee


    # AdwCleaner v6.044 - Logfile created 03/03/2017 at 21:05:32
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-02.1 [Server]
    # Operating System : Windows 8.1 Pro with Media Center  (X64)
    # Username : Lee - PETERLEE
    # Running from : C:\Users\Lee\Documents\Virus\geekstogo\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found:  C:\Users\Lee\AppData\Local\svchost


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1050 Bytes] - [02/03/2017 22:18:18]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1185 Bytes] - [02/03/2017 22:17:43]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1786 Bytes] - [03/03/2017 21:05:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1859 Bytes] ##########
     



    #4
    Peter Lee


    # AdwCleaner v6.044 - Logfile created 03/03/2017 at 21:19:00
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-02.1 [Server]
    # Operating System : Windows 8.1 Pro with Media Center  (X64)
    # Username : Lee - PETERLEE
    # Running from : C:\Users\Lee\Documents\Virus\geekstogo\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Lee\AppData\Local\svchost


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1050 Bytes] - [02/03/2017 22:18:18]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1625 Bytes] - [03/03/2017 21:19:00]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1185 Bytes] - [02/03/2017 22:17:43]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1954 Bytes] - [03/03/2017 21:05:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1844 Bytes] ##########
     



    #5
    Peter Lee


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.1 (02.11.2017)
    Operating System: Windows 8.1 Pro with Media Center x64
    Ran by Lee (Administrator) on 03-Mar-17 at 21:24:40.59
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03-Mar-17 at 21:26:06.75
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     



    #6
    Peter Lee


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
    Ran by Lee (administrator) on PETERLEE (03-03-2017 21:29:49)
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Loaded Profiles: Lee (Available Profiles: Lee)
    Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
    HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    ShellIconOverlayIdentifiers: [StorageProviderErrorEx] -> {1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll [2017-02-08] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-02-09]
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-23]
    ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{982F0D76-3896-46D8-BC3D-5ADB2C6AA09C}: [NameServer] 8.8.8.8,8.8.4.4

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: 322oiu4s.default
    FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default [2017-03-03]
    FF Homepage: Mozilla\Firefox\Profiles\322oiu4s.default -> hxxps://www.google.com/?gws_rd=ssl
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{a511ca8b-29a0-4f15-9294-034ec4e2e54c}\[email protected] [2017-03-02]
    FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{a511ca8b-29a0-4f15-9294-034ec4e2e54c}\[email protected] [2017-03-02]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @wanmei.com/npArcPlayNowPlugin ->  [No File]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
    R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
    S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S4 WmgpService; C:\Program Files (x86)\PGP\WmgpService.exe [26616 2016-12-27] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2017-02-20] (Alcohol Soft Development Team)
    S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-03] ()
    R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
    R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2017-02-23] (SoftEther Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2017-02-23] (SoftEther Corporation)
    R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-02-23] (SoftEther Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2017-02-20] (Duplex Secure Ltd.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-03 21:29 - 2017-03-03 21:29 - 00000000 ____D C:\FRST
    2017-03-03 21:20 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\svchost
    2017-03-03 07:18 - 2017-03-03 13:12 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2017-03-03 07:17 - 2017-03-03 20:55 - 00000000 ____D C:\Program Files\HitmanPro
    2017-03-03 07:17 - 2017-03-03 13:12 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-03 07:16 - 2017-03-03 21:26 - 00000561 _____ C:\Users\Lee\Desktop\JRT.txt
    2017-03-03 07:07 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\Downloads\hitmanpro_x64.exe
    2017-03-03 07:06 - 2017-03-03 07:06 - 01663736 _____ (Malwarebytes) C:\Users\Lee\Downloads\JRT.exe
    2017-03-02 22:09 - 2017-03-03 21:19 - 00000000 ____D C:\AdwCleaner
    2017-03-02 16:54 - 2017-03-02 16:54 - 00142168 ____H C:\Windows\SysWOW64\mlfcache.dat
    2017-03-01 15:43 - 2017-03-01 15:44 - 00000000 ____D C:\abc
    2017-03-01 12:00 - 2017-03-03 18:55 - 00000000 ____D C:\Users\Lee\Documents\Virus
    2017-02-28 21:13 - 2017-02-28 21:13 - 00000000 ____D C:\Users\Lee\Downloads\WinMTR-v092
    2017-02-28 21:04 - 2017-02-28 21:12 - 01912363 _____ C:\Users\Lee\Downloads\WinMTR-v092.zip
    2017-02-28 14:39 - 2017-02-28 14:39 - 00000000 ____D C:\Windows\pss
    2017-02-27 21:58 - 2017-02-28 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2017-02-27 19:11 - 2017-02-27 19:11 - 00009259 _____ C:\lsp.txt
    2017-02-27 18:04 - 2017-02-27 18:04 - 00061746 _____ C:\Users\Lee\Desktop\DxDiag.txt
    2017-02-27 18:00 - 2017-02-27 18:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HijackThis.exe
    2017-02-27 11:24 - 2017-02-28 15:02 - 00000000 ____D C:\Program Files (x86)\NCSOFT
    2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ___HD C:\Program Files (x86)\NCWest
    2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
    2017-02-27 10:34 - 2017-02-27 11:18 - 227200840 _____ (NC Interactive, LLC) C:\Users\Lee\Downloads\BnS_Lite_Installer.exe
    2017-02-26 11:34 - 2017-02-26 11:37 - 00052736 ___SH C:\Users\Lee\Documents\Thumbs.db
    2017-02-26 11:34 - 2017-02-26 11:34 - 00569454 _____ C:\Users\Lee\Documents\10021482921278555.bmp
    2017-02-26 08:04 - 2017-02-26 08:04 - 00405536 _____ C:\Windows\system32\MpKsluhmVv.dll
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\MSBuild
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-02-24 12:57 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2017-02-24 12:57 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-02-24 12:57 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2017-02-24 12:56 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2017-02-24 12:56 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-02-24 12:56 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2017-02-23 12:46 - 2017-02-23 13:05 - 00000000 ___HD C:\Users\Lee\Downloads\FakeHospital - Daisy Lee (Blonde Patient [bleep]ed by Her Doctor) 02.22.17 720p
    2017-02-23 12:01 - 2017-02-23 12:09 - 00000000 ___HD C:\Users\Lee\Downloads\Playboy USA - March-April 2017 - True PDF - 3709 [ECLiPSE]
    2017-02-23 12:01 - 2017-02-23 12:01 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
    2017-02-23 11:49 - 2017-02-23 11:49 - 00000000 ____D C:\hydra_tmp_1487821788055
    2017-02-23 11:48 - 2017-02-28 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\uTorrent
    2017-02-23 11:47 - 2017-02-23 11:47 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2017-02-23 11:47 - 2017-02-23 11:47 - 00050208 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\see.sys
    2017-02-23 11:47 - 2017-02-23 11:47 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
    2017-02-23 11:47 - 2017-02-23 11:47 - 00001945 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
    2017-02-23 11:47 - 2017-02-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
    2017-02-23 11:46 - 2017-03-03 21:26 - 00000000 ____D C:\Program Files\SoftEther VPN Client
    2017-02-23 11:46 - 2017-02-23 11:46 - 00051232 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
    2017-02-23 11:45 - 2017-02-23 11:45 - 00000000 ____D C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761
    2017-02-23 11:34 - 2017-02-23 11:43 - 54265482 _____ C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761.zip
    2017-02-22 17:37 - 2017-02-22 17:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Wmgp
    2017-02-22 17:37 - 2017-02-22 17:37 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\完美游戏平台
    2017-02-22 17:36 - 2017-02-26 11:32 - 00000000 ____D C:\Program Files (x86)\PGP
    2017-02-22 17:27 - 2017-02-22 17:35 - 61039328 _____ C:\Users\Lee\Downloads\pgp_2.5.9.1227.exe
    2017-02-22 15:52 - 2017-02-22 15:52 - 00001347 _____ C:\Users\Lee\Desktop\Windows Media Player.lnk
    2017-02-20 14:50 - 2017-02-20 14:50 - 00055837 _____ C:\Users\Lee\AppData\LocalLow\wbkFB70.tmp
    2017-02-20 12:54 - 2017-03-02 12:54 - 00000200 _____ C:\Users\Lee\Documents\ax_files.xml
    2017-02-20 12:28 - 2017-02-20 12:28 - 00000000 ___HD C:\Program Files (x86)\illusion
    2017-02-20 12:22 - 2017-02-20 12:22 - 00293888 _____ (Alcohol Soft Development Team) C:\Windows\system32\Drivers\axscsidrv.sys
    2017-02-20 12:17 - 2017-02-20 12:17 - 00001200 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
    2017-02-20 12:17 - 2017-02-20 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
    2017-02-20 12:16 - 2017-02-20 12:16 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
    2017-02-20 12:11 - 2017-02-20 12:11 - 00405536 _____ C:\Windows\system32\MpKsljsDmE.dll
    2017-02-20 12:10 - 2017-02-20 12:10 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
    2017-02-20 11:21 - 2017-02-20 12:54 - 00000000 ___HD C:\Users\Lee\Documents\Oppai Slider
    2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ___HD C:\Users\Lee\Downloads\[051125][ILLUSION](205861) Oppai Slider 2 (1DVD)(iso+mds)
    2017-02-18 12:26 - 2017-02-18 12:26 - 00000000 ____D C:\Users\Lee\Downloads\FormatFactory.3.9.portable
    2017-02-18 11:32 - 2017-02-18 12:14 - 118751860 _____ C:\Users\Lee\Downloads\FormatFactory.3.9.portable.rar
    2017-02-17 14:32 - 2017-03-03 21:20 - 00000000 ___RD C:\Users\Lee\SkyDrive
    2017-02-17 11:42 - 2017-02-17 11:42 - 00001108 _____ C:\Users\Lee\Desktop\Calculator.lnk
    2017-02-16 21:04 - 2017-02-16 21:04 - 00000210 _____ C:\Users\Lee\Desktop\MapleStory Status Checker.URL
    2017-02-16 17:52 - 2017-02-16 18:21 - 00077552 _____ C:\Users\Lee\Desktop\AS_Latency_Check.txt
    2017-02-16 17:51 - 2017-02-16 17:51 - 00001626 _____ C:\Users\Lee\Downloads\Asiasoft_Network_Diagnostic_Tool.bat
    2017-02-16 06:55 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Macromedia
    2017-02-16 06:54 - 2017-02-16 06:54 - 00000000 ____D C:\ProgramData\McAfee
    2017-02-16 06:51 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Adobe
    2017-02-15 22:01 - 2017-02-15 22:01 - 00000000 ____D C:\ProgramData\Nexon
    2017-02-14 20:41 - 2017-02-14 20:41 - 00001178 _____ C:\Users\Public\Desktop\MapleStorySEA.lnk
    2017-02-14 20:40 - 2017-02-14 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizet
    2017-02-14 20:27 - 2017-02-14 20:27 - 00000000 ____D C:\Program Files (x86)\Wizet
    2017-02-14 14:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2017-02-14 14:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2017-02-14 14:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2017-02-14 14:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2017-02-14 14:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2017-02-14 14:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2017-02-14 14:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2017-02-14 14:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2017-02-14 14:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2017-02-14 14:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2017-02-14 14:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2017-02-14 14:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2017-02-14 14:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2017-02-14 14:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2017-02-14 14:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2017-02-14 14:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2017-02-14 14:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2017-02-14 14:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2017-02-14 14:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2017-02-14 14:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2017-02-14 14:12 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2017-02-14 14:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2017-02-14 14:12 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2017-02-14 14:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2017-02-14 14:12 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2017-02-14 14:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2017-02-14 14:11 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2017-02-14 14:11 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2017-02-14 14:11 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2017-02-14 14:11 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2017-02-14 14:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2017-02-14 14:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2017-02-14 14:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2017-02-14 14:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2017-02-14 14:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2017-02-14 14:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2017-02-14 14:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2017-02-14 14:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2017-02-14 14:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2017-02-14 14:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2017-02-14 14:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2017-02-14 14:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2017-02-14 14:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2017-02-14 14:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2017-02-14 14:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2017-02-14 14:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2017-02-14 14:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2017-02-14 14:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2017-02-14 14:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2017-02-14 14:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2017-02-14 14:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2017-02-14 14:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2017-02-14 14:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2017-02-14 14:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2017-02-14 14:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2017-02-14 14:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2017-02-14 14:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2017-02-14 14:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2017-02-14 14:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2017-02-14 14:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2017-02-14 14:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2017-02-14 14:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-02-14 14:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2017-02-14 14:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2017-02-14 14:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Sun
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Sun
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-02-14 13:25 - 2017-02-14 13:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-02-14 13:24 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Oracle
    2017-02-14 13:24 - 2017-02-14 13:24 - 00000000 ____D C:\Program Files (x86)\Java
    2017-02-14 13:13 - 2017-02-14 13:13 - 00738880 _____ (Oracle Corporation) C:\Users\Lee\Downloads\jxpiinstall.exe
    2017-02-12 19:38 - 2017-03-01 12:40 - 00371712 ___SH C:\Users\Lee\Downloads\Thumbs.db
    2017-02-11 20:26 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
    2017-02-11 09:38 - 2017-02-11 09:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\OpenOffice
    2017-02-11 09:31 - 2017-02-11 09:31 - 00001154 _____ C:\Users\Lee\Desktop\Wordpad.lnk
    2017-02-10 20:34 - 2017-02-10 20:35 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
    2017-02-10 20:34 - 2017-02-10 20:34 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
    2017-02-10 20:34 - 2017-02-10 20:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2017-02-10 20:32 - 2017-02-10 20:32 - 00000000 ____D C:\Users\Lee\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
    2017-02-10 18:55 - 2017-02-10 19:54 - 140742472 _____ C:\Users\Lee\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
    2017-02-10 16:29 - 2017-02-10 16:29 - 01038336 _____ C:\Users\Lee\Downloads\PlayparkDownloader_v0.3.6.1.msi
    2017-02-10 16:29 - 2017-02-10 16:29 - 00003101 _____ C:\Users\Lee\Desktop\Playpark Downloader.lnk
    2017-02-10 16:29 - 2017-02-10 16:29 - 00003061 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
    2017-02-10 16:29 - 2017-02-10 16:29 - 00000000 ____D C:\Program Files (x86)\Asiasoft Online
    2017-02-10 14:06 - 2017-02-10 14:06 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA Corporation
    2017-02-10 14:05 - 2017-02-10 14:05 - 00000000 ____D C:\ProgramData\Package Cache
    2017-02-10 14:03 - 2016-04-14 13:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-02-10 14:03 - 2016-04-14 13:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-02-10 14:03 - 2016-04-14 13:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\Users\Lee\AppData\Local\TeamViewer
    2017-02-10 07:27 - 2017-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-02-10 07:27 - 2017-02-10 07:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-02-10 07:27 - 2017-02-10 07:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-02-10 07:27 - 2017-02-10 07:27 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TeamViewer
    2017-02-10 07:23 - 2017-02-10 07:26 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lee\Downloads\TeamViewer_Setup.exe
    2017-02-10 07:22 - 2017-02-27 18:53 - 00000000 ____D C:\Users\Lee\Documents\temp
    2017-02-10 07:22 - 2017-02-10 07:22 - 00000000 ____D C:\GvTemp
    2017-02-10 07:20 - 2017-02-10 07:20 - 00331464 _____ C:\Windows\Minidump\021017-39078-01.dmp
    2017-02-09 20:56 - 2017-02-22 21:34 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA
    2017-02-09 20:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2017-02-09 20:53 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-02-09 20:53 - 2016-01-23 09:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2017-02-09 20:52 - 2016-01-23 11:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2017-02-09 20:52 - 2016-01-23 11:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2017-02-09 20:50 - 2016-01-23 09:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2017-02-09 20:50 - 2016-01-23 05:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
    2017-02-09 20:48 - 2016-01-23 11:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
    2017-02-09 20:48 - 2016-01-23 11:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2017-02-09 20:46 - 2016-01-23 11:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2017-02-09 20:37 - 2017-02-28 15:03 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2017-02-09 20:37 - 2017-02-09 20:37 - 00002767 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
    2017-02-09 20:37 - 2017-02-09 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
    2017-02-09 20:36 - 2017-02-09 20:36 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
    2017-02-09 19:58 - 2017-02-20 13:49 - 00000000 ____D C:\Users\Lee\AppData\Roaming\MPC-HC
    2017-02-09 19:56 - 2017-02-09 19:56 - 00001239 _____ C:\Users\Lee\Desktop\Media Player Classic.lnk
    2017-02-09 18:55 - 2017-02-09 18:55 - 00003156 _____ C:\Windows\System32\Tasks\klcp_update
    2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2017-02-09 18:54 - 2016-05-08 18:27 - 03613696 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
    2017-02-09 18:54 - 2016-05-08 18:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
    2017-02-09 18:54 - 2015-10-25 01:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
    2017-02-09 18:54 - 2012-07-21 19:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
    2017-02-09 18:54 - 2012-07-21 19:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
    2017-02-09 18:54 - 2011-12-08 02:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
    2017-02-09 18:54 - 2011-12-08 02:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
    2017-02-09 18:25 - 2017-02-09 18:31 - 43807219 _____ (KLCP ) C:\Users\Lee\Downloads\K-Lite_Codec_Pack_1290_Mega.exe
    2017-02-09 18:23 - 2017-02-09 18:24 - 01006644 _____ ( ) C:\Users\Lee\Downloads\CodecTweakTool_615.exe
    2017-02-09 18:05 - 2017-03-03 21:29 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Mozilla
    2017-02-09 17:21 - 2017-02-09 18:16 - 00000000 ____D C:\Users\Lee\AppData\Local\Mozilla
    2017-02-09 17:21 - 2017-02-09 18:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Mozilla
    2017-02-09 17:21 - 2017-02-09 17:21 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-02-09 17:21 - 2017-02-09 17:21 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-09 17:21 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-09 17:20 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-09 16:23 - 2017-02-09 16:24 - 00410408 _____ C:\Windows\Minidump\020917-21218-01.dmp
    2017-02-09 09:53 - 2017-02-10 07:20 - 00000000 ____D C:\Windows\Minidump
    2017-02-09 09:53 - 2017-02-10 07:19 - 271268873 _____ C:\Windows\MEMORY.DMP
    2017-02-09 09:53 - 2017-02-09 09:54 - 00379704 _____ C:\Windows\Minidump\020917-23109-01.dmp
    2017-02-09 06:22 - 2017-02-09 06:17 - 00000355 __RSH C:\Boot.ini.saved
    2017-02-09 06:22 - 2013-08-22 13:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2017-02-09 06:17 - 2017-02-09 06:17 - 00008192 __RSH C:\BOOTSECT.BAK
    2017-02-09 06:17 - 2017-02-08 14:47 - 00000000 ____D C:\Windows\Panther
    2017-02-09 06:17 - 2012-06-18 13:10 - 00000211 ____H C:\Boot.BAK
    2017-02-09 06:09 - 2017-02-12 06:03 - 00000000 ____D C:\Windows.old
    2017-02-08 22:26 - 2017-02-08 22:26 - 00405632 _____ C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
    2017-02-08 22:25 - 2017-02-08 22:26 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Tmp
    2017-02-08 22:25 - 2017-02-08 22:25 - 00000000 ____D C:\Windows\OEM8
    2017-02-08 18:04 - 2017-02-08 18:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2017-02-08 17:25 - 2017-02-08 17:25 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2017-02-08 17:25 - 2016-09-10 02:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2017-02-08 17:25 - 2016-09-10 02:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
    2017-02-08 17:25 - 2016-09-10 02:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2017-02-08 17:25 - 2016-09-10 02:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
    2017-02-08 17:24 - 2017-03-03 21:19 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-02-08 17:24 - 2017-01-04 15:31 - 00222648 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2017-02-08 17:24 - 2017-01-04 15:31 - 00210360 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2017-02-08 16:29 - 2017-02-24 13:09 - 00443438 _____ C:\Windows\system32\prfh0804.dat
    2017-02-08 16:29 - 2017-02-24 13:09 - 00135458 _____ C:\Windows\system32\prfc0804.dat
    2017-02-08 16:29 - 2017-02-08 16:27 - 00113084 _____ C:\Windows\system32\prfi0804.dat
    2017-02-08 16:29 - 2017-02-08 16:27 - 00033362 _____ C:\Windows\system32\prfd0804.dat
    2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\SysWOW64\zh-HANS
    2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\system32\zh-HANS
    2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagwrn.xml
    2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagerr.xml
    2017-02-08 15:05 - 2017-02-08 15:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Macromedia
    2017-02-08 14:54 - 2017-02-17 14:32 - 00000000 ___RD C:\Users\Lee\SkyDrive.old
    2017-02-08 14:53 - 2017-03-03 21:25 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1811311261-2537790386-1638266141-1001
    2017-02-08 14:50 - 2017-02-16 07:28 - 01358934 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-08 14:48 - 2017-02-08 14:48 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-02-08 14:47 - 2017-02-27 18:00 - 00000000 ____D C:\Users\Lee\AppData\Local\VirtualStore
    2017-02-08 14:47 - 2017-02-27 17:48 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
    2017-02-08 14:47 - 2017-02-08 14:47 - 00001446 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-02-08 14:47 - 2017-02-08 14:47 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Adobe
    2017-02-08 14:46 - 2017-02-22 21:32 - 00000000 ____D C:\Users\Lee
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000020 ___SH C:\Users\Lee\ntuser.ini
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\My Documents
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Videos
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Pictures
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Music
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 ____D C:\Windows\CSC
    2017-02-08 14:46 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Media Center Programs
    2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\NVIDIA
    2017-02-07 17:53 - 2017-02-07 18:05 - 00000000 ____D C:\Documents and Settings 2
    2017-02-07 17:53 - 2017-02-07 17:53 - 00000000 ____D C:\program files2
    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-03 21:19 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-03 20:57 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-02 13:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
    2017-03-02 12:55 - 2013-08-22 22:44 - 00369184 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-28 14:21 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
    2017-02-27 20:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-02-27 15:26 - 2015-12-22 23:49 - 00000000 ___HD C:\Peter
    2017-02-24 20:17 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
    2017-02-24 13:09 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
    2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
    2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\MUI
    2017-02-18 12:25 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Macromed
    2017-02-10 20:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-02-09 20:53 - 2012-06-18 13:21 - 00000000 ____D C:\Temp
    2017-02-09 20:50 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Help
    2017-02-09 06:17 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
    2017-02-08 18:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2017-02-08 16:27 - 2013-08-23 03:11 - 00000000 ____D C:\Program Files\Windows Journal
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\winrm
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\WCN
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\slmgr
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\winrm
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\WCN
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\slmgr
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___SD C:\Windows\system32\dsc
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Com
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Com
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\IME
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\FileManager
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\oobe
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Dism
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\servicing
    2017-02-08 15:08 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
    2017-02-08 14:47 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Camera

    ==================== Files in the root of some directories =======

    2017-02-08 22:26 - 2017-02-08 22:26 - 0405632 _____ () C:\Users\Lee\AppData\Roaming\qd1486563965.sy_

    Some files in TEMP:
    ====================
    2017-02-16 17:21 - 2017-02-16 17:21 - 0000512 _____ () C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
    2017-02-16 17:21 - 2017-02-26 16:29 - 0000056 _____ () C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll
    2017-03-03 20:55 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\AppData\Local\Temp\HitmanPro.exe
    2017-02-08 17:25 - 2016-12-29 20:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvSCPAPI64.dll
    2017-02-09 20:47 - 2016-12-29 20:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvStInst.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-23 07:07

    ==================== End of FRST.txt ============================


    Edited by Peter Lee, 03 March 2017 - 08:03 AM.

    #7
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
    Ran by Lee (03-03-2017 21:31:05)
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Windows 8.1 Pro with Media Center (X64) (2017-02-08 06:47:10)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1811311261-2537790386-1638266141-500 - Administrator - Disabled)
    Guest (S-1-5-21-1811311261-2537790386-1638266141-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1811311261-2537790386-1638266141-1003 - Limited - Enabled)
    Lee (S-1-5-21-1811311261-2537790386-1638266141-1001 - Administrator - Enabled) => C:\Users\Lee

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
    Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
    GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.)
    GIGABYTE OC_GURU II (x32 Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
    ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)
    ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
    MapleStorySEA version 1.50 (HKLM-x32\...\{838168F3-D9F3-4FC0-B818-1E6E7B7831D5}_is1) (Version: 1.50 - Asiasoft Online Pte.Ltd.)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
    SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    μTorrent (HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
    完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1B7E15E4-76FB-4718-A15A-6F7E5136B5FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-02-10 14:05 - 2016-06-15 09:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2017-02-09 20:54 - 2016-06-15 09:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2017-02-09 20:54 - 2016-06-15 09:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2017-02-08 22:26 - 2017-02-08 22:26 - 00267264 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2017-03-02 12:53 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 xhamsterxxx.xyz
    127.0.0.1 www.duba.com
    127.0.0.1

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AxAutoMntSrv => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: StarWindServiceAE => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: WmgpService => 3
    HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\StartupApproved\Run: => "AlcoholAutomount"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{3D6F92E3-5410-4DE7-B339-F5E136873626}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5F6AFA09-7D4F-442A-8CE8-E94012BEFA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{946B61ED-7E76-40CE-B325-817EE0A737C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{375D0796-CF8C-4FED-8D6E-5B15F65BFE48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4A9CC1BB-C7CD-414D-917F-15A8EED342CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B85BA918-4485-43EE-9449-D5648F7C5D9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{2E68CAFE-BCAF-4CDA-87BA-65E678FE5BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{71CA6087-8F98-49D6-81B7-5F2EF7A2876C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CEE6F92C-DA85-42D5-8549-20A47DEFDB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D022D86D-9A8B-462D-983A-569475070C34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{51B6253F-D390-415D-8D37-2148E279EAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{85D540F2-E186-4B47-B1F3-F579F19CF756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B4CEF642-48ED-48A5-A461-3927C62A95F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{C96E1ACA-8541-49DF-95C8-BF33A252A5DE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
    FirewallRules: [UDP Query User{D68801A9-2992-4058-9E70-7679EE1A8E61}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
    FirewallRules: [TCP Query User{91938808-AF53-46DD-BA75-446E783DD0C4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{F08F38FA-6230-4309-8C10-7DBC9D0D570D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [{9C817201-D5D9-4144-9ACA-E5DBAEA3489A}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
    FirewallRules: [{3D880ABF-D6D1-4019-B36E-3A2187F73D15}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
    FirewallRules: [{CA42FA96-8EB6-4DFD-8A62-D29BF3B079B4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
    FirewallRules: [{4F8A94C2-39B0-40E1-86EB-64545DB9C0E4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
    FirewallRules: [{860A50E9-9789-4ECA-9041-B147550F8DB2}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
    FirewallRules: [{33B1BA51-BEB5-458C-9B75-600C14CF0AC8}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
    FirewallRules: [{755296EB-0819-4537-9994-151B706F1DEE}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
    FirewallRules: [{7DFD6D21-7FEB-44C3-B617-5564864043A7}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
    FirewallRules: [{DBD0BBFB-14BE-455A-98BB-AD67B065BF22}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
    FirewallRules: [{552BEAB5-5A76-4ED1-81BB-5384C11E80DE}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
    FirewallRules: [{F52A5708-F3E7-45EE-B616-B5D24B48721B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{5C95202A-2C7E-4A12-870D-7446E5F28B8E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{7856266E-56C8-4874-9F8E-E5D1FEFA279F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{24885D04-D094-4341-9EFD-225DEBB8B1A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{520FA5FB-7D30-416D-983D-5B159E4B27D3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{360BF758-9FCD-4BF8-89FB-DA267AA6F92C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [{09E5A488-7AEB-4C2A-8AA7-69B6B264DB60}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5F65CD03-5030-47F8-BD17-D413DEBDC391}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E2C7DBA4-C68F-4D6A-BA56-1D314404092F}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{37522116-8C98-4992-9973-12FDFCB8DF29}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8E04F20B-22A6-4B02-AB1E-5BA1A6BAEF4D}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B8EC7065-46E9-4F2D-A7F6-A4E664C8CA42}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5DFB6AF9-41C6-41FD-975B-459E654BA093}] => (Allow) %ProgramFiles% (x86)\Wizet\MapleStorySEA\MapleStory.exe
    FirewallRules: [{02A081D6-A909-40FC-A7B9-D1A641FE3872}] => (Allow) C:\Windows\Explorer.EXE
    FirewallRules: [{B713A9BB-3A39-4367-84E8-1BB4F0593DD6}] => (Allow) C:\Windows\Explorer.EXE

    ==================== Restore Points =========================

    03-03-2017 07:12:53 JRT Pre-Junkware Removal
    03-03-2017 21:24:45 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/03/2017 09:24:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/03/2017 09:22:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.16384, time stamp: 0x52158f2d
    Exception code: 0x406d1388
    Fault offset: 0x00013d67
    Faulting process id: 0x11a4
    Faulting application start time: 0x01d294212cb5411b
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
    Report Id: 775019b8-0014-11e7-8286-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 09:22:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc00001a5
    Fault offset: 0x001dfad0
    Faulting process id: 0x11a4
    Faulting application start time: 0x01d294212cb5411b
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 741491e9-0014-11e7-8286-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 09:20:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (03/03/2017 09:20:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (03/03/2017 09:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
    Faulting module name: ntdll.dll, version: 6.3.9600.16384, time stamp: 0x52159015
    Exception code: 0xc0000374
    Fault offset: 0x000e2f68
    Faulting process id: 0x140c
    Faulting application start time: 0x01d294201708c5e2
    Faulting application path: c:\windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 78011955-0013-11e7-8285-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 09:09:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc0000005
    Fault offset: 0x0107f484
    Faulting process id: 0x78c
    Faulting application start time: 0x01d2941f6061be69
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: a6bf1109-0012-11e7-8285-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 09:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc00001a5
    Fault offset: 0x016d101b
    Faulting process id: 0x78c
    Faulting application start time: 0x01d2941f6061be69
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: a522e742-0012-11e7-8285-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 08:58:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (03/03/2017 08:58:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    System errors:
    =============
    Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
    The service did not start due to a logon failure.

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    The service did not start due to a logon failure.

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    The request is not supported.


    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    The service did not start due to a logon failure.

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    The request is not supported.

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/03/2017 09:18:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (03/03/2017 09:18:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (03/03/2017 09:18:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).

    CodeIntegrity:
    ===================================
      Date: 2017-02-08 17:21:22.165
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
    Percentage of memory in use: 45%
    Total physical RAM: 2047.11 MB
    Available physical RAM: 1111.92 MB
    Total Virtual: 4095.11 MB
    Available Virtual: 2716.57 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.78 GB) (Free:112.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:57.68 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 87A087A0)
    Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Did you install

    TeamViewer?

    SoftEther VPN Client?

    完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)?  Translates from Japanese as Perfect Model; no idea what it does.

     

    ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)?
    ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION) ?
     
    The last two are pretty rare so I know nothing about them either.  TeamViewer can certainly be used to log in to your system.  Not sure about SoftEther.
     
    It is odd that Iexplore.exe is shown in the firewall list.
     
     
     
    See if you can submit the following files to virustotal.com:
     
     C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
     
    C:\Windows\system32\MpKsluhmVv.dll
    C:\Windows\system32\MpKsljsDmE.dll
     
     
    Easiest way to submit a file is to copy the path:
     
     C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
     
    Then go to virustotal.com with your browser.  Click on Choose File, then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with Power64.dll chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+ different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page, then go to a reply and Ctrl + v.
     
    Some of these files are hidden system files so you may need to tell Windows to let you see them:
     
     
    Could you search for
     
    msconfig
     
    and hit Enter
     
    then under Startup check any you may have unchecked.  Then under Services  check any you may have unchecked.  OK and Reboot.
    (It's hard to remove items that have been unchecked in msconfig)

    You have Alcohol installed but it doesn't show in your installed program list.  Could you uninstall it temporarily?   http://www.wikihow.c...all-Alcohol-120   Alcohol likes to create random named files which makes my life difficult since random named files are a favorite of malware.  

     

    Run FRST again, check Addition.txt and hit Scan.  Post both 


    • 0

    #9
    Peter Lee

      Member

    • Topic Starter
    • Member
    • 117 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
    Ran by Lee (administrator) on PETERLEE (04-03-2017 12:04:39)
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Loaded Profiles: Lee (Available Profiles: Lee)
    Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
    HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    ShellIconOverlayIdentifiers: [StorageProviderErrorEx] -> {1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll [2017-02-08] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-02-09]
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-23]
    ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{982F0D76-3896-46D8-BC3D-5ADB2C6AA09C}: [NameServer] 8.8.8.8,8.8.4.4

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: 322oiu4s.default
    FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default [2017-03-04]
    FF Homepage: Mozilla\Firefox\Profiles\322oiu4s.default -> hxxps://www.google.com/?gws_rd=ssl
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{1006df96-c7b0-4a5e-8cb3-24d139622644}\[email protected] [2017-03-04]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @wanmei.com/npArcPlayNowPlugin ->  [No File]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
    R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S4 WmgpService; C:\Program Files (x86)\PGP\WmgpService.exe [26616 2016-12-27] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-03] ()
    R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
    R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2017-02-23] (SoftEther Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2017-02-23] (SoftEther Corporation)
    R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-02-23] (SoftEther Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2017-02-20] (Duplex Secure Ltd.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-04 09:04 - 2017-03-04 11:22 - 15313687 _____ C:\Users\Lee\Downloads\DNW-TVBN-19.rmvb.part
    2017-03-03 21:29 - 2017-03-04 12:04 - 00000000 ____D C:\FRST
    2017-03-03 21:20 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\svchost
    2017-03-03 07:18 - 2017-03-03 13:12 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2017-03-03 07:17 - 2017-03-03 20:55 - 00000000 ____D C:\Program Files\HitmanPro
    2017-03-03 07:17 - 2017-03-03 13:12 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-03 07:16 - 2017-03-03 21:26 - 00000561 _____ C:\Users\Lee\Desktop\JRT.txt
    2017-03-03 07:07 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\Downloads\hitmanpro_x64.exe
    2017-03-03 07:06 - 2017-03-03 07:06 - 01663736 _____ (Malwarebytes) C:\Users\Lee\Downloads\JRT.exe
    2017-03-02 22:09 - 2017-03-03 21:19 - 00000000 ____D C:\AdwCleaner
    2017-03-02 16:54 - 2017-03-02 16:54 - 00142168 ____H C:\Windows\SysWOW64\mlfcache.dat
    2017-03-01 15:43 - 2017-03-01 15:44 - 00000000 ____D C:\abc
    2017-03-01 12:00 - 2017-03-03 18:55 - 00000000 ____D C:\Users\Lee\Documents\Virus
    2017-02-28 21:13 - 2017-02-28 21:13 - 00000000 ____D C:\Users\Lee\Downloads\WinMTR-v092
    2017-02-28 21:04 - 2017-02-28 21:12 - 01912363 _____ C:\Users\Lee\Downloads\WinMTR-v092.zip
    2017-02-28 14:39 - 2017-02-28 14:39 - 00000000 ____D C:\Windows\pss
    2017-02-27 21:58 - 2017-03-04 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2017-02-27 19:11 - 2017-02-27 19:11 - 00009259 _____ C:\lsp.txt
    2017-02-27 18:04 - 2017-02-27 18:04 - 00061746 _____ C:\Users\Lee\Desktop\DxDiag.txt
    2017-02-27 18:00 - 2017-02-27 18:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HijackThis.exe
    2017-02-27 11:24 - 2017-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\NCSOFT
    2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ___HD C:\Program Files (x86)\NCWest
    2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
    2017-02-27 10:34 - 2017-02-27 11:18 - 227200840 _____ (NC Interactive, LLC) C:\Users\Lee\Downloads\BnS_Lite_Installer.exe
    2017-02-26 11:34 - 2017-02-26 11:37 - 00052736 ___SH C:\Users\Lee\Documents\Thumbs.db
    2017-02-26 11:34 - 2017-02-26 11:34 - 00569454 _____ C:\Users\Lee\Documents\10021482921278555.bmp
    2017-02-26 08:04 - 2017-02-26 08:04 - 00405536 _____ C:\Windows\system32\MpKsluhmVv.dll
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\MSBuild
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-02-24 12:57 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2017-02-24 12:57 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-02-24 12:57 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2017-02-24 12:56 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2017-02-24 12:56 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-02-24 12:56 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2017-02-23 12:46 - 2017-02-23 13:05 - 00000000 ___HD C:\Users\Lee\Downloads\FakeHospital - Daisy Lee (Blonde Patient [bleep]ed by Her Doctor) 02.22.17 720p
    2017-02-23 12:01 - 2017-02-23 12:09 - 00000000 ___HD C:\Users\Lee\Downloads\Playboy USA - March-April 2017 - True PDF - 3709 [ECLiPSE]
    2017-02-23 12:01 - 2017-02-23 12:01 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
    2017-02-23 11:49 - 2017-02-23 11:49 - 00000000 ____D C:\hydra_tmp_1487821788055
    2017-02-23 11:48 - 2017-02-28 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\uTorrent
    2017-02-23 11:47 - 2017-02-23 11:47 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2017-02-23 11:47 - 2017-02-23 11:47 - 00050208 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\see.sys
    2017-02-23 11:47 - 2017-02-23 11:47 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
    2017-02-23 11:47 - 2017-02-23 11:47 - 00001945 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
    2017-02-23 11:47 - 2017-02-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
    2017-02-23 11:46 - 2017-03-04 09:05 - 00000000 ____D C:\Program Files\SoftEther VPN Client
    2017-02-23 11:46 - 2017-02-23 11:46 - 00051232 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
    2017-02-23 11:45 - 2017-02-23 11:45 - 00000000 ____D C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761
    2017-02-23 11:34 - 2017-02-23 11:43 - 54265482 _____ C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761.zip
    2017-02-22 17:37 - 2017-02-22 17:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Wmgp
    2017-02-22 17:37 - 2017-02-22 17:37 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\完美游戏平台
    2017-02-22 17:36 - 2017-02-26 11:32 - 00000000 ____D C:\Program Files (x86)\PGP
    2017-02-22 17:27 - 2017-02-22 17:35 - 61039328 _____ C:\Users\Lee\Downloads\pgp_2.5.9.1227.exe
    2017-02-22 15:52 - 2017-02-22 15:52 - 00001347 _____ C:\Users\Lee\Desktop\Windows Media Player.lnk
    2017-02-20 14:50 - 2017-02-20 14:50 - 00055837 _____ C:\Users\Lee\AppData\LocalLow\wbkFB70.tmp
    2017-02-20 12:54 - 2017-03-04 11:59 - 00000200 _____ C:\Users\Lee\Documents\ax_files.xml
    2017-02-20 12:28 - 2017-02-20 12:28 - 00000000 ___HD C:\Program Files (x86)\illusion
    2017-02-20 12:16 - 2017-02-20 12:16 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
    2017-02-20 12:11 - 2017-02-20 12:11 - 00405536 _____ C:\Windows\system32\MpKsljsDmE.dll
    2017-02-20 12:10 - 2017-02-20 12:10 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
    2017-02-20 11:21 - 2017-02-20 12:54 - 00000000 ___HD C:\Users\Lee\Documents\Oppai Slider
    2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ___HD C:\Users\Lee\Downloads\[051125][ILLUSION](205861) Oppai Slider 2 (1DVD)(iso+mds)
    2017-02-18 12:26 - 2017-02-18 12:26 - 00000000 ____D C:\Users\Lee\Downloads\FormatFactory.3.9.portable
    2017-02-18 11:32 - 2017-02-18 12:14 - 118751860 _____ C:\Users\Lee\Downloads\FormatFactory.3.9.portable.rar
    2017-02-17 14:32 - 2017-03-04 09:00 - 00000000 ___RD C:\Users\Lee\SkyDrive
    2017-02-17 11:42 - 2017-02-17 11:42 - 00001108 _____ C:\Users\Lee\Desktop\Calculator.lnk
    2017-02-16 21:04 - 2017-02-16 21:04 - 00000210 _____ C:\Users\Lee\Desktop\MapleStory Status Checker.URL
    2017-02-16 17:52 - 2017-02-16 18:21 - 00077552 _____ C:\Users\Lee\Desktop\AS_Latency_Check.txt
    2017-02-16 17:51 - 2017-02-16 17:51 - 00001626 _____ C:\Users\Lee\Downloads\Asiasoft_Network_Diagnostic_Tool.bat
    2017-02-16 06:55 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Macromedia
    2017-02-16 06:54 - 2017-02-16 06:54 - 00000000 ____D C:\ProgramData\McAfee
    2017-02-16 06:51 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Adobe
    2017-02-15 22:01 - 2017-02-15 22:01 - 00000000 ____D C:\ProgramData\Nexon
    2017-02-14 20:41 - 2017-02-14 20:41 - 00001178 _____ C:\Users\Public\Desktop\MapleStorySEA.lnk
    2017-02-14 20:40 - 2017-02-14 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizet
    2017-02-14 20:27 - 2017-02-14 20:27 - 00000000 ____D C:\Program Files (x86)\Wizet
    2017-02-14 14:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2017-02-14 14:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2017-02-14 14:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2017-02-14 14:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2017-02-14 14:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2017-02-14 14:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2017-02-14 14:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2017-02-14 14:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2017-02-14 14:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2017-02-14 14:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2017-02-14 14:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2017-02-14 14:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2017-02-14 14:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2017-02-14 14:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2017-02-14 14:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2017-02-14 14:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2017-02-14 14:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2017-02-14 14:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2017-02-14 14:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2017-02-14 14:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2017-02-14 14:12 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2017-02-14 14:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2017-02-14 14:12 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2017-02-14 14:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2017-02-14 14:12 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2017-02-14 14:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2017-02-14 14:11 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2017-02-14 14:11 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2017-02-14 14:11 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2017-02-14 14:11 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2017-02-14 14:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2017-02-14 14:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2017-02-14 14:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2017-02-14 14:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2017-02-14 14:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2017-02-14 14:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2017-02-14 14:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2017-02-14 14:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2017-02-14 14:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2017-02-14 14:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2017-02-14 14:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2017-02-14 14:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2017-02-14 14:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2017-02-14 14:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2017-02-14 14:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2017-02-14 14:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2017-02-14 14:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2017-02-14 14:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2017-02-14 14:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2017-02-14 14:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2017-02-14 14:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2017-02-14 14:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2017-02-14 14:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2017-02-14 14:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2017-02-14 14:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2017-02-14 14:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2017-02-14 14:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2017-02-14 14:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2017-02-14 14:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2017-02-14 14:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2017-02-14 14:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2017-02-14 14:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-02-14 14:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2017-02-14 14:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2017-02-14 14:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Sun
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Sun
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-02-14 13:25 - 2017-02-14 13:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-02-14 13:24 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Oracle
    2017-02-14 13:24 - 2017-02-14 13:24 - 00000000 ____D C:\Program Files (x86)\Java
    2017-02-14 13:13 - 2017-02-14 13:13 - 00738880 _____ (Oracle Corporation) C:\Users\Lee\Downloads\jxpiinstall.exe
    2017-02-12 19:38 - 2017-03-01 12:40 - 00371712 ___SH C:\Users\Lee\Downloads\Thumbs.db
    2017-02-11 20:26 - 2017-03-04 10:17 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
    2017-02-11 09:38 - 2017-02-11 09:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\OpenOffice
    2017-02-11 09:31 - 2017-02-11 09:31 - 00001154 _____ C:\Users\Lee\Desktop\Wordpad.lnk
    2017-02-10 20:34 - 2017-02-10 20:35 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
    2017-02-10 20:34 - 2017-02-10 20:34 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
    2017-02-10 20:34 - 2017-02-10 20:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2017-02-10 20:32 - 2017-02-10 20:32 - 00000000 ____D C:\Users\Lee\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
    2017-02-10 18:55 - 2017-02-10 19:54 - 140742472 _____ C:\Users\Lee\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
    2017-02-10 16:29 - 2017-02-10 16:29 - 01038336 _____ C:\Users\Lee\Downloads\PlayparkDownloader_v0.3.6.1.msi
    2017-02-10 16:29 - 2017-02-10 16:29 - 00003101 _____ C:\Users\Lee\Desktop\Playpark Downloader.lnk
    2017-02-10 16:29 - 2017-02-10 16:29 - 00003061 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
    2017-02-10 16:29 - 2017-02-10 16:29 - 00000000 ____D C:\Program Files (x86)\Asiasoft Online
    2017-02-10 14:06 - 2017-02-10 14:06 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA Corporation
    2017-02-10 14:05 - 2017-02-10 14:05 - 00000000 ____D C:\ProgramData\Package Cache
    2017-02-10 14:03 - 2016-04-14 13:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-02-10 14:03 - 2016-04-14 13:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-02-10 14:03 - 2016-04-14 13:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\Users\Lee\AppData\Local\TeamViewer
    2017-02-10 07:27 - 2017-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-02-10 07:27 - 2017-02-10 07:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-02-10 07:27 - 2017-02-10 07:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-02-10 07:27 - 2017-02-10 07:27 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TeamViewer
    2017-02-10 07:23 - 2017-02-10 07:26 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lee\Downloads\TeamViewer_Setup.exe
    2017-02-10 07:22 - 2017-02-27 18:53 - 00000000 ____D C:\Users\Lee\Documents\temp
    2017-02-10 07:22 - 2017-02-10 07:22 - 00000000 ____D C:\GvTemp
    2017-02-10 07:20 - 2017-02-10 07:20 - 00331464 _____ C:\Windows\Minidump\021017-39078-01.dmp
    2017-02-09 20:56 - 2017-02-22 21:34 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA
    2017-02-09 20:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2017-02-09 20:53 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-02-09 20:53 - 2016-01-23 09:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2017-02-09 20:52 - 2016-01-23 11:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2017-02-09 20:52 - 2016-01-23 11:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2017-02-09 20:50 - 2016-01-23 09:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2017-02-09 20:50 - 2016-01-23 05:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
    2017-02-09 20:48 - 2016-01-23 11:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
    2017-02-09 20:48 - 2016-01-23 11:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2017-02-09 20:46 - 2016-01-23 11:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2017-02-09 20:37 - 2017-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2017-02-09 20:37 - 2017-02-09 20:37 - 00002767 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
    2017-02-09 20:37 - 2017-02-09 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
    2017-02-09 20:36 - 2017-02-09 20:36 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
    2017-02-09 19:58 - 2017-02-20 13:49 - 00000000 ____D C:\Users\Lee\AppData\Roaming\MPC-HC
    2017-02-09 19:56 - 2017-02-09 19:56 - 00001239 _____ C:\Users\Lee\Desktop\Media Player Classic.lnk
    2017-02-09 18:55 - 2017-02-09 18:55 - 00003156 _____ C:\Windows\System32\Tasks\klcp_update
    2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2017-02-09 18:54 - 2016-05-08 18:27 - 03613696 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
    2017-02-09 18:54 - 2016-05-08 18:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
    2017-02-09 18:54 - 2015-10-25 01:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
    2017-02-09 18:54 - 2012-07-21 19:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
    2017-02-09 18:54 - 2012-07-21 19:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
    2017-02-09 18:54 - 2011-12-08 02:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
    2017-02-09 18:54 - 2011-12-08 02:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
    2017-02-09 18:25 - 2017-02-09 18:31 - 43807219 _____ (KLCP ) C:\Users\Lee\Downloads\K-Lite_Codec_Pack_1290_Mega.exe
    2017-02-09 18:23 - 2017-02-09 18:24 - 01006644 _____ ( ) C:\Users\Lee\Downloads\CodecTweakTool_615.exe
    2017-02-09 18:05 - 2017-03-04 11:55 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Mozilla
    2017-02-09 17:21 - 2017-02-09 18:16 - 00000000 ____D C:\Users\Lee\AppData\Local\Mozilla
    2017-02-09 17:21 - 2017-02-09 18:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Mozilla
    2017-02-09 17:21 - 2017-02-09 17:21 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-02-09 17:21 - 2017-02-09 17:21 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-09 17:21 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-09 17:20 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-09 16:23 - 2017-02-09 16:24 - 00410408 _____ C:\Windows\Minidump\020917-21218-01.dmp
    2017-02-09 09:53 - 2017-02-10 07:20 - 00000000 ____D C:\Windows\Minidump
    2017-02-09 09:53 - 2017-02-10 07:19 - 271268873 _____ C:\Windows\MEMORY.DMP
    2017-02-09 09:53 - 2017-02-09 09:54 - 00379704 _____ C:\Windows\Minidump\020917-23109-01.dmp
    2017-02-09 06:22 - 2017-02-09 06:17 - 00000355 __RSH C:\Boot.ini.saved
    2017-02-09 06:22 - 2013-08-22 13:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2017-02-09 06:17 - 2017-02-09 06:17 - 00008192 __RSH C:\BOOTSECT.BAK
    2017-02-09 06:17 - 2017-02-08 14:47 - 00000000 ____D C:\Windows\Panther
    2017-02-09 06:17 - 2012-06-18 13:10 - 00000211 ____H C:\Boot.BAK
    2017-02-09 06:09 - 2017-02-12 06:03 - 00000000 ____D C:\Windows.old
    2017-02-08 22:26 - 2017-02-08 22:26 - 00405632 _____ C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
    2017-02-08 22:25 - 2017-02-08 22:26 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Tmp
    2017-02-08 22:25 - 2017-02-08 22:25 - 00000000 ____D C:\Windows\OEM8
    2017-02-08 18:04 - 2017-02-08 18:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2017-02-08 17:25 - 2017-02-08 17:25 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2017-02-08 17:25 - 2016-09-10 02:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2017-02-08 17:25 - 2016-09-10 02:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
    2017-02-08 17:25 - 2016-09-10 02:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2017-02-08 17:25 - 2016-09-10 02:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
    2017-02-08 17:24 - 2017-03-04 08:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-02-08 17:24 - 2017-01-04 15:31 - 00222648 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2017-02-08 17:24 - 2017-01-04 15:31 - 00210360 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2017-02-08 16:29 - 2017-02-24 13:09 - 00443438 _____ C:\Windows\system32\prfh0804.dat
    2017-02-08 16:29 - 2017-02-24 13:09 - 00135458 _____ C:\Windows\system32\prfc0804.dat
    2017-02-08 16:29 - 2017-02-08 16:27 - 00113084 _____ C:\Windows\system32\prfi0804.dat
    2017-02-08 16:29 - 2017-02-08 16:27 - 00033362 _____ C:\Windows\system32\prfd0804.dat
    2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\SysWOW64\zh-HANS
    2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\system32\zh-HANS
    2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagwrn.xml
    2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagerr.xml
    2017-02-08 15:05 - 2017-02-08 15:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Macromedia
    2017-02-08 14:54 - 2017-02-17 14:32 - 00000000 ___RD C:\Users\Lee\SkyDrive.old
    2017-02-08 14:53 - 2017-03-04 12:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1811311261-2537790386-1638266141-1001
    2017-02-08 14:50 - 2017-02-16 07:28 - 01358934 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-08 14:48 - 2017-02-08 14:48 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-02-08 14:47 - 2017-02-27 18:00 - 00000000 ____D C:\Users\Lee\AppData\Local\VirtualStore
    2017-02-08 14:47 - 2017-02-27 17:48 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
    2017-02-08 14:47 - 2017-02-08 14:47 - 00001446 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-02-08 14:47 - 2017-02-08 14:47 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Adobe
    2017-02-08 14:46 - 2017-02-22 21:32 - 00000000 ____D C:\Users\Lee
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000020 ___SH C:\Users\Lee\ntuser.ini
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\My Documents
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Videos
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Pictures
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Music
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 ____D C:\Windows\CSC
    2017-02-08 14:46 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Media Center Programs
    2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\NVIDIA
    2017-02-07 17:53 - 2017-02-07 18:05 - 00000000 ____D C:\Documents and Settings 2
    2017-02-07 17:53 - 2017-02-07 17:53 - 00000000 ____D C:\program files2

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-04 08:59 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-03 20:57 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-02 13:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
    2017-03-02 12:55 - 2013-08-22 22:44 - 00369184 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-28 14:21 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
    2017-02-27 20:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-02-27 15:26 - 2015-12-22 23:49 - 00000000 ___HD C:\Peter
    2017-02-24 20:17 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
    2017-02-24 13:09 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
    2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
    2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\MUI
    2017-02-18 12:25 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Macromed
    2017-02-10 20:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-02-09 20:53 - 2012-06-18 13:21 - 00000000 ____D C:\Temp
    2017-02-09 20:50 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Help
    2017-02-09 06:17 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
    2017-02-08 18:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2017-02-08 16:27 - 2013-08-23 03:11 - 00000000 ____D C:\Program Files\Windows Journal
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\winrm
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\WCN
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\slmgr
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\winrm
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\WCN
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\slmgr
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___SD C:\Windows\system32\dsc
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Com
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Com
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\IME
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\FileManager
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\oobe
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Dism
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\servicing
    2017-02-08 15:08 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
    2017-02-08 14:47 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Camera

    ==================== Files in the root of some directories =======

    2017-02-08 22:26 - 2017-02-08 22:26 - 0405632 _____ () C:\Users\Lee\AppData\Roaming\qd1486563965.sy_

    Some files in TEMP:
    ====================
    2017-02-16 17:21 - 2017-02-16 17:21 - 0000512 _____ () C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
    2017-02-16 17:21 - 2017-02-26 16:29 - 0000056 _____ () C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll
    2017-03-03 20:55 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\AppData\Local\Temp\HitmanPro.exe
    2017-02-08 17:25 - 2016-12-29 20:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvSCPAPI64.dll
    2017-02-09 20:47 - 2016-12-29 20:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvStInst.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-23 07:07

    ==================== End of FRST.txt ============================



    #10
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
    Ran by Lee (04-03-2017 12:05:43)
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Windows 8.1 Pro with Media Center (X64) (2017-02-08 06:47:10)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1811311261-2537790386-1638266141-500 - Administrator - Disabled)
    Guest (S-1-5-21-1811311261-2537790386-1638266141-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1811311261-2537790386-1638266141-1003 - Limited - Enabled)
    Lee (S-1-5-21-1811311261-2537790386-1638266141-1001 - Administrator - Enabled) => C:\Users\Lee

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.)
    GIGABYTE OC_GURU II (x32 Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
    ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)
    ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
    MapleStorySEA version 1.50 (HKLM-x32\...\{838168F3-D9F3-4FC0-B818-1E6E7B7831D5}_is1) (Version: 1.50 - Asiasoft Online Pte.Ltd.)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
    SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    μTorrent (HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
    完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1B7E15E4-76FB-4718-A15A-6F7E5136B5FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-02-09 20:50 - 2016-01-23 09:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2017-02-09 20:54 - 2016-06-15 09:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2017-02-09 20:54 - 2016-06-15 09:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2017-02-08 22:26 - 2017-02-08 22:26 - 00267264 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
    2017-02-10 08:28 - 2017-02-10 08:29 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2017-03-02 12:53 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 xhamsterxxx.xyz
    127.0.0.1 www.duba.com
    127.0.0.1

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AxAutoMntSrv => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: StarWindServiceAE => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: WmgpService => 3
    HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\StartupApproved\Run: => "AlcoholAutomount"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{3D6F92E3-5410-4DE7-B339-F5E136873626}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5F6AFA09-7D4F-442A-8CE8-E94012BEFA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{946B61ED-7E76-40CE-B325-817EE0A737C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{375D0796-CF8C-4FED-8D6E-5B15F65BFE48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4A9CC1BB-C7CD-414D-917F-15A8EED342CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B85BA918-4485-43EE-9449-D5648F7C5D9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{2E68CAFE-BCAF-4CDA-87BA-65E678FE5BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{71CA6087-8F98-49D6-81B7-5F2EF7A2876C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CEE6F92C-DA85-42D5-8549-20A47DEFDB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D022D86D-9A8B-462D-983A-569475070C34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{51B6253F-D390-415D-8D37-2148E279EAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{85D540F2-E186-4B47-B1F3-F579F19CF756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B4CEF642-48ED-48A5-A461-3927C62A95F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{C96E1ACA-8541-49DF-95C8-BF33A252A5DE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
    FirewallRules: [UDP Query User{D68801A9-2992-4058-9E70-7679EE1A8E61}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
    FirewallRules: [TCP Query User{91938808-AF53-46DD-BA75-446E783DD0C4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{F08F38FA-6230-4309-8C10-7DBC9D0D570D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [{9C817201-D5D9-4144-9ACA-E5DBAEA3489A}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
    FirewallRules: [{3D880ABF-D6D1-4019-B36E-3A2187F73D15}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
    FirewallRules: [{CA42FA96-8EB6-4DFD-8A62-D29BF3B079B4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
    FirewallRules: [{4F8A94C2-39B0-40E1-86EB-64545DB9C0E4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
    FirewallRules: [{860A50E9-9789-4ECA-9041-B147550F8DB2}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
    FirewallRules: [{33B1BA51-BEB5-458C-9B75-600C14CF0AC8}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
    FirewallRules: [{755296EB-0819-4537-9994-151B706F1DEE}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
    FirewallRules: [{7DFD6D21-7FEB-44C3-B617-5564864043A7}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
    FirewallRules: [{DBD0BBFB-14BE-455A-98BB-AD67B065BF22}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
    FirewallRules: [{552BEAB5-5A76-4ED1-81BB-5384C11E80DE}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
    FirewallRules: [{F52A5708-F3E7-45EE-B616-B5D24B48721B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{5C95202A-2C7E-4A12-870D-7446E5F28B8E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{7856266E-56C8-4874-9F8E-E5D1FEFA279F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{24885D04-D094-4341-9EFD-225DEBB8B1A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{520FA5FB-7D30-416D-983D-5B159E4B27D3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{360BF758-9FCD-4BF8-89FB-DA267AA6F92C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [{09E5A488-7AEB-4C2A-8AA7-69B6B264DB60}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5F65CD03-5030-47F8-BD17-D413DEBDC391}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E2C7DBA4-C68F-4D6A-BA56-1D314404092F}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{37522116-8C98-4992-9973-12FDFCB8DF29}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8E04F20B-22A6-4B02-AB1E-5BA1A6BAEF4D}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B8EC7065-46E9-4F2D-A7F6-A4E664C8CA42}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5DFB6AF9-41C6-41FD-975B-459E654BA093}] => (Allow) %ProgramFiles% (x86)\Wizet\MapleStorySEA\MapleStory.exe
    FirewallRules: [{02A081D6-A909-40FC-A7B9-D1A641FE3872}] => (Allow) C:\Windows\Explorer.EXE
    FirewallRules: [{B713A9BB-3A39-4367-84E8-1BB4F0593DD6}] => (Allow) C:\Windows\Explorer.EXE

    ==================== Restore Points =========================

    03-03-2017 07:12:53 JRT Pre-Junkware Removal
    03-03-2017 21:24:45 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/04/2017 10:17:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
    Faulting module name: jscript9.dll, version: 11.0.9600.16384, time stamp: 0x52158459
    Exception code: 0xc0000005
    Fault offset: 0x0035628b
    Faulting process id: 0x172c
    Faulting application start time: 0x01d2948d1d885224
    Faulting application path: c:\windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\jscript9.dll
    Report Id: bebcade2-0080-11e7-8287-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 10:01:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x5774b37e
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.16384, time stamp: 0x52158f2d
    Exception code: 0xc000041d
    Fault offset: 0x00013d67
    Faulting process id: 0x764
    Faulting application start time: 0x01d2948b3fe9a5af
    Faulting application path: c:\windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
    Report Id: 85701051-007e-11e7-8287-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 09:58:50 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
    Exception code: 0xc0000005
    Fault offset: 0x00040c43
    Faulting process id: 0x15b0
    Faulting application start time: 0x01d2948ad3c6d88f
    Faulting application path: c:\windows\SysWOW64\svchost.exe
    Faulting module path: c:\windows\SysWOW64\svchost.exe
    Report Id: 1c1d4976-007e-11e7-8287-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 09:46:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc0000005
    Fault offset: 0x000db6e0
    Faulting process id: 0xf18
    Faulting application start time: 0x01d29482b113b353
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 61157c5c-007c-11e7-8287-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 09:46:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc00001a5
    Fault offset: 0x016d35d9
    Faulting process id: 0xf18
    Faulting application start time: 0x01d29482b113b353
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 5f2f1c99-007c-11e7-8287-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 09:00:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (03/04/2017 09:00:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (03/03/2017 10:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc0000005
    Fault offset: 0x0107f484
    Faulting process id: 0xf48
    Faulting application start time: 0x01d29426ff5f1d4c
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 4f1a98ba-001a-11e7-8286-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 10:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc00001a5
    Fault offset: 0x016d101b
    Faulting process id: 0xf48
    Faulting application start time: 0x01d29426ff5f1d4c
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 4dfaa5aa-001a-11e7-8286-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2017 09:36:00 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: DllHost (1340) IndexedDb: Database recovery/restore failed with unexpected error -1216.

    System errors:
    =============
    Error: (03/04/2017 11:15:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (03/04/2017 10:08:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
    Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

    Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
    Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

    Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
    Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

    Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
    Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

    Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
    The service did not start due to a logon failure.

    Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    The service did not start due to a logon failure.

    CodeIntegrity:
    ===================================
      Date: 2017-02-08 17:21:22.165
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
    Percentage of memory in use: 47%
    Total physical RAM: 2047.11 MB
    Available physical RAM: 1064.62 MB
    Total Virtual: 4095.11 MB
    Available Virtual: 2512.18 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.78 GB) (Free:113.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:57.35 GB) NTFS
    Drive f: (KINGSTON32) (Removable) (Total:29.28 GB) (Free:2.73 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 87A087A0)
    Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 3351A1EF)
    Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

     



    #11
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
    Detection ratio: 0/58

    2 files below not shown:
    C:\Windows\system32\MpKsluhmVv.dll - detection ratio 3/57
    renamed to mpksluhmvv.dll
    DrWeb   Trojan.Gudr.2    20170303
    Qihoo-360  Trojan.Generic    20170303
    Tencent  Win32.Rootkit.Gen.Tsjh  20170303

    C:\Windows\system32\MpKsljsDmE.dll - Detection ratio: 3/57
    renamed to mpksljsdme.dll
    DrWeb   Trojan.Gudr.2    20170303
    Qihoo-360  Trojan.Generic    20170303
    Tencent  Win32.Rootkit.Gen.Tsjh  20170303



    #12
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Could you answer my questions from the previous post?

    Download the attached fixlist.txt to the same location as FRST.

    Attached File  fixlist.txt   5.43KB   17 downloads

    Run FRST and press Fix.
    A fix log will be generated; please post that.

    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


    #13
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    TeamViewer? yes
    SoftEther VPN Client? yes
    完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)?  Translates from Japanese as Perfect Model no idea what it does. = Perfect World - game from China - installed
    ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)? = Japanese game
    ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION) ? - Japanese game


    #14
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    OK.  If either of the first two is set up to allow remote access, change the passwords and make them at least 8 characters and don't use words that might be in a dictionary.


    #15
    Peter Lee

      Member

    • Topic Starter
    • Member
    • 117 posts

    Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
    Ran by Lee (04-03-2017 22:40:55) Run:1
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Loaded Profiles: Lee (Available Profiles: Lee)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CMD: del /a /q c:\windows\prefetch\*.pf
    ShellIconOverlayIdentifiers: [StorageProviderErrorEx] -> {1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll [2017-02-08] ()
    C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power
    GroupPolicyScripts: Restriction <======= ATTENTION
    FF Plugin-x32: @wanmei.com/npArcPlayNowPlugin ->  [No File]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2017-02-26 08:04 - 2017-02-26 08:04 - 00405536 _____ C:\Windows\system32\MpKsluhmVv.dll
    2017-02-20 12:11 - 2017-02-20 12:11 - 00405536 _____ C:\Windows\system32\MpKsljsDmE.dll
    2017-02-08 22:26 - 2017-02-08 22:26 - 00405632 _____ C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
    2017-02-08 22:26 - 2017-02-08 22:26 - 0405632 _____ () C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
    2017-02-16 17:21 - 2017-02-16 17:21 - 0000512 _____ () C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
    2017-02-16 17:21 - 2017-02-26 16:29 - 0000056 _____ () C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
    2017-02-08 22:26 - 2017-02-08 22:26 - 00267264 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" 
    reboot:

    *****************


    ========= del /a /q c:\windows\prefetch\*.pf =========

    ========= End of CMD: =========

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\StorageProviderErrorEx => key removed successfully
    HKCR\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => key not found.
    C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power => moved successfully
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@wanmei.com/npArcPlayNowPlugin => key removed successfully
    HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
    xhunter1 => service removed successfully
    C:\Windows\system32\MpKsluhmVv.dll => moved successfully
    C:\Windows\system32\MpKsljsDmE.dll => moved successfully
    C:\Users\Lee\AppData\Roaming\qd1486563965.sy_ => moved successfully
    "C:\Users\Lee\AppData\Roaming\qd1486563965.sy_" => not found.
    C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll => moved successfully
    C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll => moved successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2} => key removed successfully
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699} => key removed successfully
    "C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll" => not found.

    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


    ========= End of CMD: =========

     

    The system needed a reboot.

    ==== End of Fixlog 22:41:38 ====

     

