I'm using Windows 8.1 Pro. I never use Internet Explorer. I found suspicious activity under Internet Explorer. Under History, many URLs were found.
Suspicious Activity under Internet Explorer
#1
Posted 03 March 2017 - 04:54 AM
#2
Posted 03 March 2017 - 06:36 AM
- Pause your anti-virus. Close all browsers.
#3
Posted 03 March 2017 - 07:35 AM
# AdwCleaner v6.044 - Logfile created 03/03/2017 at 21:05:32
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 8.1 Pro with Media Center (X64)
# Username : Lee - PETERLEE
# Running from : C:\Users\Lee\Documents\Virus\geekstogo\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Folder Found: C:\Users\Lee\AppData\Local\svchost
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1050 Bytes] - [02/03/2017 22:18:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [1185 Bytes] - [02/03/2017 22:17:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1786 Bytes] - [03/03/2017 21:05:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1859 Bytes] ##########
#4
Posted 03 March 2017 - 07:35 AM
# AdwCleaner v6.044 - Logfile created 03/03/2017 at 21:19:00
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 8.1 Pro with Media Center (X64)
# Username : Lee - PETERLEE
# Running from : C:\Users\Lee\Documents\Virus\geekstogo\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Lee\AppData\Local\svchost
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\120ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.120ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1050 Bytes] - [02/03/2017 22:18:18]
C:\AdwCleaner\AdwCleaner[C2].txt - [1625 Bytes] - [03/03/2017 21:19:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [1185 Bytes] - [02/03/2017 22:17:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1954 Bytes] - [03/03/2017 21:05:32]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1844 Bytes] ##########
#5
Posted 03 March 2017 - 07:38 AM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 8.1 Pro with Media Center x64
Ran by Lee (Administrator) on 03-Mar-17 at 21:24:40.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03-Mar-17 at 21:26:06.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#6
Posted 03 March 2017 - 07:49 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Lee (administrator) on PETERLEE (03-03-2017 21:29:49)
Running from C:\Users\Lee\Documents\Virus\geekstogo
Loaded Profiles: Lee (Available Profiles: Lee)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
ShellIconOverlayIdentifiers: [StorageProviderErrorEx] -> {1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll [2017-02-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-02-09]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-23]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{982F0D76-3896-46D8-BC3D-5ADB2C6AA09C}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 322oiu4s.default
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default [2017-03-03]
FF Homepage: Mozilla\Firefox\Profiles\322oiu4s.default -> hxxps://www.google.com/?gws_rd=ssl
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{a511ca8b-29a0-4f15-9294-034ec4e2e54c}\[email protected] [2017-03-02]
FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{a511ca8b-29a0-4f15-9294-034ec4e2e54c}\[email protected] [2017-03-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @wanmei.com/npArcPlayNowPlugin -> [No File]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 WmgpService; C:\Program Files (x86)\PGP\WmgpService.exe [26616 2016-12-27] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2017-02-20] (Alcohol Soft Development Team)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-03] ()
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2017-02-23] (SoftEther Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2017-02-23] (SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-02-23] (SoftEther Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2017-02-20] (Duplex Secure Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-03 21:29 - 2017-03-03 21:29 - 00000000 ____D C:\FRST
2017-03-03 21:20 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\svchost
2017-03-03 07:18 - 2017-03-03 13:12 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-03-03 07:17 - 2017-03-03 20:55 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-03 07:17 - 2017-03-03 13:12 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-03 07:16 - 2017-03-03 21:26 - 00000561 _____ C:\Users\Lee\Desktop\JRT.txt
2017-03-03 07:07 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\Downloads\hitmanpro_x64.exe
2017-03-03 07:06 - 2017-03-03 07:06 - 01663736 _____ (Malwarebytes) C:\Users\Lee\Downloads\JRT.exe
2017-03-02 22:09 - 2017-03-03 21:19 - 00000000 ____D C:\AdwCleaner
2017-03-02 16:54 - 2017-03-02 16:54 - 00142168 ____H C:\Windows\SysWOW64\mlfcache.dat
2017-03-01 15:43 - 2017-03-01 15:44 - 00000000 ____D C:\abc
2017-03-01 12:00 - 2017-03-03 18:55 - 00000000 ____D C:\Users\Lee\Documents\Virus
2017-02-28 21:13 - 2017-02-28 21:13 - 00000000 ____D C:\Users\Lee\Downloads\WinMTR-v092
2017-02-28 21:04 - 2017-02-28 21:12 - 01912363 _____ C:\Users\Lee\Downloads\WinMTR-v092.zip
2017-02-28 14:39 - 2017-02-28 14:39 - 00000000 ____D C:\Windows\pss
2017-02-27 21:58 - 2017-02-28 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-02-27 19:11 - 2017-02-27 19:11 - 00009259 _____ C:\lsp.txt
2017-02-27 18:04 - 2017-02-27 18:04 - 00061746 _____ C:\Users\Lee\Desktop\DxDiag.txt
2017-02-27 18:00 - 2017-02-27 18:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HijackThis.exe
2017-02-27 11:24 - 2017-02-28 15:02 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ___HD C:\Program Files (x86)\NCWest
2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-02-27 10:34 - 2017-02-27 11:18 - 227200840 _____ (NC Interactive, LLC) C:\Users\Lee\Downloads\BnS_Lite_Installer.exe
2017-02-26 11:34 - 2017-02-26 11:37 - 00052736 ___SH C:\Users\Lee\Documents\Thumbs.db
2017-02-26 11:34 - 2017-02-26 11:34 - 00569454 _____ C:\Users\Lee\Documents\10021482921278555.bmp
2017-02-26 08:04 - 2017-02-26 08:04 - 00405536 _____ C:\Windows\system32\MpKsluhmVv.dll
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\MSBuild
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-24 12:57 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-24 12:57 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-24 12:57 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-24 12:56 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-24 12:56 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-24 12:56 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-23 12:46 - 2017-02-23 13:05 - 00000000 ___HD C:\Users\Lee\Downloads\FakeHospital - Daisy Lee (Blonde Patient [bleep]ed by Her Doctor) 02.22.17 720p
2017-02-23 12:01 - 2017-02-23 12:09 - 00000000 ___HD C:\Users\Lee\Downloads\Playboy USA - March-April 2017 - True PDF - 3709 [ECLiPSE]
2017-02-23 12:01 - 2017-02-23 12:01 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
2017-02-23 11:49 - 2017-02-23 11:49 - 00000000 ____D C:\hydra_tmp_1487821788055
2017-02-23 11:48 - 2017-02-28 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\uTorrent
2017-02-23 11:47 - 2017-02-23 11:47 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2017-02-23 11:47 - 2017-02-23 11:47 - 00050208 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\see.sys
2017-02-23 11:47 - 2017-02-23 11:47 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-02-23 11:47 - 2017-02-23 11:47 - 00001945 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2017-02-23 11:47 - 2017-02-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-02-23 11:46 - 2017-03-03 21:26 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-02-23 11:46 - 2017-02-23 11:46 - 00051232 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
2017-02-23 11:45 - 2017-02-23 11:45 - 00000000 ____D C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761
2017-02-23 11:34 - 2017-02-23 11:43 - 54265482 _____ C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761.zip
2017-02-22 17:37 - 2017-02-22 17:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Wmgp
2017-02-22 17:37 - 2017-02-22 17:37 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\完美游戏平台
2017-02-22 17:36 - 2017-02-26 11:32 - 00000000 ____D C:\Program Files (x86)\PGP
2017-02-22 17:27 - 2017-02-22 17:35 - 61039328 _____ C:\Users\Lee\Downloads\pgp_2.5.9.1227.exe
2017-02-22 15:52 - 2017-02-22 15:52 - 00001347 _____ C:\Users\Lee\Desktop\Windows Media Player.lnk
2017-02-20 14:50 - 2017-02-20 14:50 - 00055837 _____ C:\Users\Lee\AppData\LocalLow\wbkFB70.tmp
2017-02-20 12:54 - 2017-03-02 12:54 - 00000200 _____ C:\Users\Lee\Documents\ax_files.xml
2017-02-20 12:28 - 2017-02-20 12:28 - 00000000 ___HD C:\Program Files (x86)\illusion
2017-02-20 12:22 - 2017-02-20 12:22 - 00293888 _____ (Alcohol Soft Development Team) C:\Windows\system32\Drivers\axscsidrv.sys
2017-02-20 12:17 - 2017-02-20 12:17 - 00001200 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2017-02-20 12:17 - 2017-02-20 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2017-02-20 12:16 - 2017-02-20 12:16 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2017-02-20 12:11 - 2017-02-20 12:11 - 00405536 _____ C:\Windows\system32\MpKsljsDmE.dll
2017-02-20 12:10 - 2017-02-20 12:10 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2017-02-20 11:21 - 2017-02-20 12:54 - 00000000 ___HD C:\Users\Lee\Documents\Oppai Slider
2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ___HD C:\Users\Lee\Downloads\[051125][ILLUSION](205861) Oppai Slider 2 (1DVD)(iso+mds)
2017-02-18 12:26 - 2017-02-18 12:26 - 00000000 ____D C:\Users\Lee\Downloads\FormatFactory.3.9.portable
2017-02-18 11:32 - 2017-02-18 12:14 - 118751860 _____ C:\Users\Lee\Downloads\FormatFactory.3.9.portable.rar
2017-02-17 14:32 - 2017-03-03 21:20 - 00000000 ___RD C:\Users\Lee\SkyDrive
2017-02-17 11:42 - 2017-02-17 11:42 - 00001108 _____ C:\Users\Lee\Desktop\Calculator.lnk
2017-02-16 21:04 - 2017-02-16 21:04 - 00000210 _____ C:\Users\Lee\Desktop\MapleStory Status Checker.URL
2017-02-16 17:52 - 2017-02-16 18:21 - 00077552 _____ C:\Users\Lee\Desktop\AS_Latency_Check.txt
2017-02-16 17:51 - 2017-02-16 17:51 - 00001626 _____ C:\Users\Lee\Downloads\Asiasoft_Network_Diagnostic_Tool.bat
2017-02-16 06:55 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Macromedia
2017-02-16 06:54 - 2017-02-16 06:54 - 00000000 ____D C:\ProgramData\McAfee
2017-02-16 06:51 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Adobe
2017-02-15 22:01 - 2017-02-15 22:01 - 00000000 ____D C:\ProgramData\Nexon
2017-02-14 20:41 - 2017-02-14 20:41 - 00001178 _____ C:\Users\Public\Desktop\MapleStorySEA.lnk
2017-02-14 20:40 - 2017-02-14 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizet
2017-02-14 20:27 - 2017-02-14 20:27 - 00000000 ____D C:\Program Files (x86)\Wizet
2017-02-14 14:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-02-14 14:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-02-14 14:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-02-14 14:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-02-14 14:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-02-14 14:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-02-14 14:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-02-14 14:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-02-14 14:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-02-14 14:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-02-14 14:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-02-14 14:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-02-14 14:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-02-14 14:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-02-14 14:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-02-14 14:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-02-14 14:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-02-14 14:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-02-14 14:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-02-14 14:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-02-14 14:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-02-14 14:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-02-14 14:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-02-14 14:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-02-14 14:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-02-14 14:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-02-14 14:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-02-14 14:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-02-14 14:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-02-14 14:12 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-02-14 14:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-02-14 14:12 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-02-14 14:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-02-14 14:12 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-02-14 14:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-02-14 14:11 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-02-14 14:11 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-02-14 14:11 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-02-14 14:11 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-02-14 14:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-02-14 14:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-02-14 14:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-02-14 14:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-02-14 14:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-02-14 14:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-02-14 14:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-02-14 14:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-02-14 14:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-02-14 14:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-02-14 14:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-02-14 14:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-02-14 14:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-02-14 14:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-02-14 14:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-02-14 14:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-02-14 14:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-02-14 14:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-02-14 14:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-02-14 14:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-02-14 14:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-02-14 14:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-02-14 14:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-02-14 14:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-02-14 14:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-02-14 14:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-02-14 14:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-02-14 14:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-02-14 14:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-02-14 14:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-02-14 14:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-02-14 14:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-02-14 14:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-02-14 14:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-02-14 14:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-02-14 14:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-02-14 14:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-02-14 14:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-02-14 14:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-02-14 14:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-02-14 14:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-02-14 14:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-02-14 14:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-02-14 14:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Sun
2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Sun
2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-14 13:25 - 2017-02-14 13:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-14 13:24 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Oracle
2017-02-14 13:24 - 2017-02-14 13:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-14 13:13 - 2017-02-14 13:13 - 00738880 _____ (Oracle Corporation) C:\Users\Lee\Downloads\jxpiinstall.exe
2017-02-12 19:38 - 2017-03-01 12:40 - 00371712 ___SH C:\Users\Lee\Downloads\Thumbs.db
2017-02-11 20:26 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
2017-02-11 09:38 - 2017-02-11 09:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\OpenOffice
2017-02-11 09:31 - 2017-02-11 09:31 - 00001154 _____ C:\Users\Lee\Desktop\Wordpad.lnk
2017-02-10 20:34 - 2017-02-10 20:35 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-02-10 20:34 - 2017-02-10 20:34 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
2017-02-10 20:34 - 2017-02-10 20:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-02-10 20:32 - 2017-02-10 20:32 - 00000000 ____D C:\Users\Lee\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-02-10 18:55 - 2017-02-10 19:54 - 140742472 _____ C:\Users\Lee\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-02-10 16:29 - 2017-02-10 16:29 - 01038336 _____ C:\Users\Lee\Downloads\PlayparkDownloader_v0.3.6.1.msi
2017-02-10 16:29 - 2017-02-10 16:29 - 00003101 _____ C:\Users\Lee\Desktop\Playpark Downloader.lnk
2017-02-10 16:29 - 2017-02-10 16:29 - 00003061 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
2017-02-10 16:29 - 2017-02-10 16:29 - 00000000 ____D C:\Program Files (x86)\Asiasoft Online
2017-02-10 14:06 - 2017-02-10 14:06 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA Corporation
2017-02-10 14:05 - 2017-02-10 14:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 14:03 - 2016-04-14 13:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-10 14:03 - 2016-04-14 13:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-10 14:03 - 2016-04-14 13:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\Users\Lee\AppData\Local\TeamViewer
2017-02-10 07:27 - 2017-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-10 07:27 - 2017-02-10 07:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-10 07:27 - 2017-02-10 07:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-10 07:27 - 2017-02-10 07:27 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TeamViewer
2017-02-10 07:23 - 2017-02-10 07:26 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lee\Downloads\TeamViewer_Setup.exe
2017-02-10 07:22 - 2017-02-27 18:53 - 00000000 ____D C:\Users\Lee\Documents\temp
2017-02-10 07:22 - 2017-02-10 07:22 - 00000000 ____D C:\GvTemp
2017-02-10 07:20 - 2017-02-10 07:20 - 00331464 _____ C:\Windows\Minidump\021017-39078-01.dmp
2017-02-09 20:56 - 2017-02-22 21:34 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA
2017-02-09 20:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-02-09 20:53 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 20:53 - 2016-01-23 09:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-09 20:52 - 2016-01-23 11:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-09 20:52 - 2016-01-23 11:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-02-09 20:50 - 2016-01-23 09:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-09 20:50 - 2016-01-23 05:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 20:48 - 2016-01-23 11:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
2017-02-09 20:48 - 2016-01-23 11:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-09 20:46 - 2016-01-23 11:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-09 20:37 - 2017-02-28 15:03 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-02-09 20:37 - 2017-02-09 20:37 - 00002767 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
2017-02-09 20:37 - 2017-02-09 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-02-09 20:36 - 2017-02-09 20:36 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2017-02-09 19:58 - 2017-02-20 13:49 - 00000000 ____D C:\Users\Lee\AppData\Roaming\MPC-HC
2017-02-09 19:56 - 2017-02-09 19:56 - 00001239 _____ C:\Users\Lee\Desktop\Media Player Classic.lnk
2017-02-09 18:55 - 2017-02-09 18:55 - 00003156 _____ C:\Windows\System32\Tasks\klcp_update
2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-02-09 18:54 - 2016-05-08 18:27 - 03613696 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2017-02-09 18:54 - 2016-05-08 18:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
2017-02-09 18:54 - 2015-10-25 01:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2017-02-09 18:54 - 2012-07-21 19:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2017-02-09 18:54 - 2012-07-21 19:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2017-02-09 18:54 - 2011-12-08 02:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2017-02-09 18:54 - 2011-12-08 02:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2017-02-09 18:25 - 2017-02-09 18:31 - 43807219 _____ (KLCP ) C:\Users\Lee\Downloads\K-Lite_Codec_Pack_1290_Mega.exe
2017-02-09 18:23 - 2017-02-09 18:24 - 01006644 _____ ( ) C:\Users\Lee\Downloads\CodecTweakTool_615.exe
2017-02-09 18:05 - 2017-03-03 21:29 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Mozilla
2017-02-09 17:21 - 2017-02-09 18:16 - 00000000 ____D C:\Users\Lee\AppData\Local\Mozilla
2017-02-09 17:21 - 2017-02-09 18:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Mozilla
2017-02-09 17:21 - 2017-02-09 17:21 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 17:21 - 2017-02-09 17:21 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 17:21 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 17:20 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-09 16:23 - 2017-02-09 16:24 - 00410408 _____ C:\Windows\Minidump\020917-21218-01.dmp
2017-02-09 09:53 - 2017-02-10 07:20 - 00000000 ____D C:\Windows\Minidump
2017-02-09 09:53 - 2017-02-10 07:19 - 271268873 _____ C:\Windows\MEMORY.DMP
2017-02-09 09:53 - 2017-02-09 09:54 - 00379704 _____ C:\Windows\Minidump\020917-23109-01.dmp
2017-02-09 06:22 - 2017-02-09 06:17 - 00000355 __RSH C:\Boot.ini.saved
2017-02-09 06:22 - 2013-08-22 13:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-02-09 06:17 - 2017-02-09 06:17 - 00008192 __RSH C:\BOOTSECT.BAK
2017-02-09 06:17 - 2017-02-08 14:47 - 00000000 ____D C:\Windows\Panther
2017-02-09 06:17 - 2012-06-18 13:10 - 00000211 ____H C:\Boot.BAK
2017-02-09 06:09 - 2017-02-12 06:03 - 00000000 ____D C:\Windows.old
2017-02-08 22:26 - 2017-02-08 22:26 - 00405632 _____ C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
2017-02-08 22:25 - 2017-02-08 22:26 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Tmp
2017-02-08 22:25 - 2017-02-08 22:25 - 00000000 ____D C:\Windows\OEM8
2017-02-08 18:04 - 2017-02-08 18:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-08 17:25 - 2017-02-08 17:25 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 17:25 - 2016-09-10 02:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-08 17:25 - 2016-09-10 02:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-02-08 17:25 - 2016-09-10 02:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-08 17:25 - 2016-09-10 02:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-08 17:24 - 2017-03-03 21:19 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 17:24 - 2017-01-04 15:31 - 00222648 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-08 17:24 - 2017-01-04 15:31 - 00210360 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-08 16:29 - 2017-02-24 13:09 - 00443438 _____ C:\Windows\system32\prfh0804.dat
2017-02-08 16:29 - 2017-02-24 13:09 - 00135458 _____ C:\Windows\system32\prfc0804.dat
2017-02-08 16:29 - 2017-02-08 16:27 - 00113084 _____ C:\Windows\system32\prfi0804.dat
2017-02-08 16:29 - 2017-02-08 16:27 - 00033362 _____ C:\Windows\system32\prfd0804.dat
2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\SysWOW64\zh-HANS
2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\system32\zh-HANS
2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-08 15:05 - 2017-02-08 15:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Macromedia
2017-02-08 14:54 - 2017-02-17 14:32 - 00000000 ___RD C:\Users\Lee\SkyDrive.old
2017-02-08 14:53 - 2017-03-03 21:25 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1811311261-2537790386-1638266141-1001
2017-02-08 14:50 - 2017-02-16 07:28 - 01358934 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 14:48 - 2017-02-08 14:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-08 14:47 - 2017-02-27 18:00 - 00000000 ____D C:\Users\Lee\AppData\Local\VirtualStore
2017-02-08 14:47 - 2017-02-27 17:48 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
2017-02-08 14:47 - 2017-02-08 14:47 - 00001446 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-08 14:47 - 2017-02-08 14:47 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Adobe
2017-02-08 14:46 - 2017-02-22 21:32 - 00000000 ____D C:\Users\Lee
2017-02-08 14:46 - 2017-02-08 14:46 - 00000020 ___SH C:\Users\Lee\ntuser.ini
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\My Documents
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Videos
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Pictures
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Music
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 ____D C:\Windows\CSC
2017-02-08 14:46 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Media Center Programs
2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\NVIDIA
2017-02-07 17:53 - 2017-02-07 18:05 - 00000000 ____D C:\Documents and Settings 2
2017-02-07 17:53 - 2017-02-07 17:53 - 00000000 ____D C:\program files2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-03 21:19 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 20:57 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-02 13:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-02 12:55 - 2013-08-22 22:44 - 00369184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-28 14:21 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2017-02-27 20:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-27 15:26 - 2015-12-22 23:49 - 00000000 ___HD C:\Peter
2017-02-24 20:17 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2017-02-24 13:09 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\MUI
2017-02-18 12:25 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-10 20:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-09 20:53 - 2012-06-18 13:21 - 00000000 ____D C:\Temp
2017-02-09 20:50 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Help
2017-02-09 06:17 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2017-02-08 18:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-08 16:27 - 2013-08-23 03:11 - 00000000 ____D C:\Program Files\Windows Journal
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\winrm
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\winrm
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\WCN
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\slmgr
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___SD C:\Windows\system32\dsc
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Com
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\IME
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\FileManager
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\oobe
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Dism
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\servicing
2017-02-08 15:08 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-08 14:47 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Camera
==================== Files in the root of some directories =======
2017-02-08 22:26 - 2017-02-08 22:26 - 0405632 _____ () C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
Some files in TEMP:
====================
2017-02-16 17:21 - 2017-02-16 17:21 - 0000512 _____ () C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
2017-02-16 17:21 - 2017-02-26 16:29 - 0000056 _____ () C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll
2017-03-03 20:55 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\AppData\Local\Temp\HitmanPro.exe
2017-02-08 17:25 - 2016-12-29 20:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-09 20:47 - 2016-12-29 20:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvStInst.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-23 07:07
==================== End of FRST.txt ============================
Edited by Peter Lee, 03 March 2017 - 08:03 AM.
#7
Posted 03 March 2017 - 08:04 AM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Lee (03-03-2017 21:31:05)
Running from C:\Users\Lee\Documents\Virus\geekstogo
Windows 8.1 Pro with Media Center (X64) (2017-02-08 06:47:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1811311261-2537790386-1638266141-500 - Administrator - Disabled)
Guest (S-1-5-21-1811311261-2537790386-1638266141-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1811311261-2537790386-1638266141-1003 - Limited - Enabled)
Lee (S-1-5-21-1811311261-2537790386-1638266141-1001 - Administrator - Enabled) => C:\Users\Lee
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)
ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
MapleStorySEA version 1.50 (HKLM-x32\...\{838168F3-D9F3-4FC0-B818-1E6E7B7831D5}_is1) (Version: 1.50 - Asiasoft Online Pte.Ltd.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
μTorrent (HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1B7E15E4-76FB-4718-A15A-6F7E5136B5FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-02-10 14:05 - 2016-06-15 09:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-02-09 20:54 - 2016-06-15 09:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-02-09 20:54 - 2016-06-15 09:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-02-08 22:26 - 2017-02-08 22:26 - 00267264 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 21:25 - 2017-03-02 12:53 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 xhamsterxxx.xyz
127.0.0.1 www.duba.com
127.0.0.1
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WmgpService => 3
HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\StartupApproved\Run: => "AlcoholAutomount"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3D6F92E3-5410-4DE7-B339-F5E136873626}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6AFA09-7D4F-442A-8CE8-E94012BEFA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{946B61ED-7E76-40CE-B325-817EE0A737C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{375D0796-CF8C-4FED-8D6E-5B15F65BFE48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4A9CC1BB-C7CD-414D-917F-15A8EED342CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B85BA918-4485-43EE-9449-D5648F7C5D9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2E68CAFE-BCAF-4CDA-87BA-65E678FE5BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{71CA6087-8F98-49D6-81B7-5F2EF7A2876C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CEE6F92C-DA85-42D5-8549-20A47DEFDB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D022D86D-9A8B-462D-983A-569475070C34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51B6253F-D390-415D-8D37-2148E279EAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{85D540F2-E186-4B47-B1F3-F579F19CF756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B4CEF642-48ED-48A5-A461-3927C62A95F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C96E1ACA-8541-49DF-95C8-BF33A252A5DE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{D68801A9-2992-4058-9E70-7679EE1A8E61}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{91938808-AF53-46DD-BA75-446E783DD0C4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F08F38FA-6230-4309-8C10-7DBC9D0D570D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{9C817201-D5D9-4144-9ACA-E5DBAEA3489A}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
FirewallRules: [{3D880ABF-D6D1-4019-B36E-3A2187F73D15}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
FirewallRules: [{CA42FA96-8EB6-4DFD-8A62-D29BF3B079B4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
FirewallRules: [{4F8A94C2-39B0-40E1-86EB-64545DB9C0E4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
FirewallRules: [{860A50E9-9789-4ECA-9041-B147550F8DB2}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
FirewallRules: [{33B1BA51-BEB5-458C-9B75-600C14CF0AC8}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
FirewallRules: [{755296EB-0819-4537-9994-151B706F1DEE}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
FirewallRules: [{7DFD6D21-7FEB-44C3-B617-5564864043A7}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
FirewallRules: [{DBD0BBFB-14BE-455A-98BB-AD67B065BF22}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
FirewallRules: [{552BEAB5-5A76-4ED1-81BB-5384C11E80DE}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
FirewallRules: [{F52A5708-F3E7-45EE-B616-B5D24B48721B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{5C95202A-2C7E-4A12-870D-7446E5F28B8E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{7856266E-56C8-4874-9F8E-E5D1FEFA279F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{24885D04-D094-4341-9EFD-225DEBB8B1A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{520FA5FB-7D30-416D-983D-5B159E4B27D3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{360BF758-9FCD-4BF8-89FB-DA267AA6F92C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{09E5A488-7AEB-4C2A-8AA7-69B6B264DB60}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F65CD03-5030-47F8-BD17-D413DEBDC391}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E2C7DBA4-C68F-4D6A-BA56-1D314404092F}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37522116-8C98-4992-9973-12FDFCB8DF29}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E04F20B-22A6-4B02-AB1E-5BA1A6BAEF4D}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8EC7065-46E9-4F2D-A7F6-A4E664C8CA42}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5DFB6AF9-41C6-41FD-975B-459E654BA093}] => (Allow) %ProgramFiles% (x86)\Wizet\MapleStorySEA\MapleStory.exe
FirewallRules: [{02A081D6-A909-40FC-A7B9-D1A641FE3872}] => (Allow) C:\Windows\Explorer.EXE
FirewallRules: [{B713A9BB-3A39-4367-84E8-1BB4F0593DD6}] => (Allow) C:\Windows\Explorer.EXE
==================== Restore Points =========================
03-03-2017 07:12:53 JRT Pre-Junkware Removal
03-03-2017 21:24:45 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/03/2017 09:24:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (03/03/2017 09:22:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16384, time stamp: 0x52158f2d
Exception code: 0x406d1388
Fault offset: 0x00013d67
Faulting process id: 0x11a4
Faulting application start time: 0x01d294212cb5411b
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: 775019b8-0014-11e7-8286-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 09:22:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc00001a5
Fault offset: 0x001dfad0
Faulting process id: 0x11a4
Faulting application start time: 0x01d294212cb5411b
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: 741491e9-0014-11e7-8286-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 09:20:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/03/2017 09:20:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (03/03/2017 09:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
Faulting module name: ntdll.dll, version: 6.3.9600.16384, time stamp: 0x52159015
Exception code: 0xc0000374
Fault offset: 0x000e2f68
Faulting process id: 0x140c
Faulting application start time: 0x01d294201708c5e2
Faulting application path: c:\windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 78011955-0013-11e7-8285-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 09:09:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc0000005
Fault offset: 0x0107f484
Faulting process id: 0x78c
Faulting application start time: 0x01d2941f6061be69
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: a6bf1109-0012-11e7-8285-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 09:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc00001a5
Fault offset: 0x016d101b
Faulting process id: 0x78c
Faulting application start time: 0x01d2941f6061be69
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: a522e742-0012-11e7-8285-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 08:58:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/03/2017 08:58:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
System errors:
=============
Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
The service did not start due to a logon failure.
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (03/03/2017 09:18:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/03/2017 09:18:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/03/2017 09:18:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2017-02-08 17:21:22.165
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 2047.11 MB
Available physical RAM: 1111.92 MB
Total Virtual: 4095.11 MB
Available Virtual: 2716.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.78 GB) (Free:112.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:57.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 87A087A0)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#8
Posted 03 March 2017 - 09:49 AM
Did you install
TeamViewer?
SoftEther VPN Client?
完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)? Translates from Japanese as Perfect Model; no idea what it does.
You have Alcohol installed, but it doesn't show in your installed program list. Could you uninstall it temporarily? http://www.wikihow.c...all-Alcohol-120 Alcohol likes to create randomly named files, which makes my life difficult since randomly named files are a favorite of malware.
Run FRST again, check Addition.txt and hit Scan. Post both.
#9
Posted 03 March 2017 - 10:07 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Lee (administrator) on PETERLEE (04-03-2017 12:04:39)
Running from C:\Users\Lee\Documents\Virus\geekstogo
Loaded Profiles: Lee (Available Profiles: Lee)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellIconOverlayIdentifiers: [StorageProviderErrorEx] -> {1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll [2017-02-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-02-09]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-23]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{982F0D76-3896-46D8-BC3D-5ADB2C6AA09C}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 322oiu4s.default
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default [2017-03-04]
FF Homepage: Mozilla\Firefox\Profiles\322oiu4s.default -> hxxps://www.google.com/?gws_rd=ssl
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{1006df96-c7b0-4a5e-8cb3-24d139622644}\[email protected] [2017-03-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @wanmei.com/npArcPlayNowPlugin -> [No File]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 WmgpService; C:\Program Files (x86)\PGP\WmgpService.exe [26616 2016-12-27] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-03] ()
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2017-02-23] (SoftEther Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2017-02-23] (SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-02-23] (SoftEther Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2017-02-20] (Duplex Secure Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-04 09:04 - 2017-03-04 11:22 - 15313687 _____ C:\Users\Lee\Downloads\DNW-TVBN-19.rmvb.part
2017-03-03 21:29 - 2017-03-04 12:04 - 00000000 ____D C:\FRST
2017-03-03 21:20 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\svchost
2017-03-03 07:18 - 2017-03-03 13:12 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-03-03 07:17 - 2017-03-03 20:55 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-03 07:17 - 2017-03-03 13:12 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-03 07:16 - 2017-03-03 21:26 - 00000561 _____ C:\Users\Lee\Desktop\JRT.txt
2017-03-03 07:07 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\Downloads\hitmanpro_x64.exe
2017-03-03 07:06 - 2017-03-03 07:06 - 01663736 _____ (Malwarebytes) C:\Users\Lee\Downloads\JRT.exe
2017-03-02 22:09 - 2017-03-03 21:19 - 00000000 ____D C:\AdwCleaner
2017-03-02 16:54 - 2017-03-02 16:54 - 00142168 ____H C:\Windows\SysWOW64\mlfcache.dat
2017-03-01 15:43 - 2017-03-01 15:44 - 00000000 ____D C:\abc
2017-03-01 12:00 - 2017-03-03 18:55 - 00000000 ____D C:\Users\Lee\Documents\Virus
2017-02-28 21:13 - 2017-02-28 21:13 - 00000000 ____D C:\Users\Lee\Downloads\WinMTR-v092
2017-02-28 21:04 - 2017-02-28 21:12 - 01912363 _____ C:\Users\Lee\Downloads\WinMTR-v092.zip
2017-02-28 14:39 - 2017-02-28 14:39 - 00000000 ____D C:\Windows\pss
2017-02-27 21:58 - 2017-03-04 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-02-27 19:11 - 2017-02-27 19:11 - 00009259 _____ C:\lsp.txt
2017-02-27 18:04 - 2017-02-27 18:04 - 00061746 _____ C:\Users\Lee\Desktop\DxDiag.txt
2017-02-27 18:00 - 2017-02-27 18:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HijackThis.exe
2017-02-27 11:24 - 2017-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ___HD C:\Program Files (x86)\NCWest
2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-02-27 10:34 - 2017-02-27 11:18 - 227200840 _____ (NC Interactive, LLC) C:\Users\Lee\Downloads\BnS_Lite_Installer.exe
2017-02-26 11:34 - 2017-02-26 11:37 - 00052736 ___SH C:\Users\Lee\Documents\Thumbs.db
2017-02-26 11:34 - 2017-02-26 11:34 - 00569454 _____ C:\Users\Lee\Documents\10021482921278555.bmp
2017-02-26 08:04 - 2017-02-26 08:04 - 00405536 _____ C:\Windows\system32\MpKsluhmVv.dll
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\MSBuild
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-24 12:57 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-24 12:57 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-24 12:57 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-24 12:56 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-24 12:56 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-24 12:56 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-23 12:46 - 2017-02-23 13:05 - 00000000 ___HD C:\Users\Lee\Downloads\FakeHospital - Daisy Lee (Blonde Patient [bleep]ed by Her Doctor) 02.22.17 720p
2017-02-23 12:01 - 2017-02-23 12:09 - 00000000 ___HD C:\Users\Lee\Downloads\Playboy USA - March-April 2017 - True PDF - 3709 [ECLiPSE]
2017-02-23 12:01 - 2017-02-23 12:01 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
2017-02-23 11:49 - 2017-02-23 11:49 - 00000000 ____D C:\hydra_tmp_1487821788055
2017-02-23 11:48 - 2017-02-28 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\uTorrent
2017-02-23 11:47 - 2017-02-23 11:47 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2017-02-23 11:47 - 2017-02-23 11:47 - 00050208 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\see.sys
2017-02-23 11:47 - 2017-02-23 11:47 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-02-23 11:47 - 2017-02-23 11:47 - 00001945 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2017-02-23 11:47 - 2017-02-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-02-23 11:46 - 2017-03-04 09:05 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-02-23 11:46 - 2017-02-23 11:46 - 00051232 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
2017-02-23 11:45 - 2017-02-23 11:45 - 00000000 ____D C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761
2017-02-23 11:34 - 2017-02-23 11:43 - 54265482 _____ C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761.zip
2017-02-22 17:37 - 2017-02-22 17:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Wmgp
2017-02-22 17:37 - 2017-02-22 17:37 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\完美游戏平台
2017-02-22 17:36 - 2017-02-26 11:32 - 00000000 ____D C:\Program Files (x86)\PGP
2017-02-22 17:27 - 2017-02-22 17:35 - 61039328 _____ C:\Users\Lee\Downloads\pgp_2.5.9.1227.exe
2017-02-22 15:52 - 2017-02-22 15:52 - 00001347 _____ C:\Users\Lee\Desktop\Windows Media Player.lnk
2017-02-20 14:50 - 2017-02-20 14:50 - 00055837 _____ C:\Users\Lee\AppData\LocalLow\wbkFB70.tmp
2017-02-20 12:54 - 2017-03-04 11:59 - 00000200 _____ C:\Users\Lee\Documents\ax_files.xml
2017-02-20 12:28 - 2017-02-20 12:28 - 00000000 ___HD C:\Program Files (x86)\illusion
2017-02-20 12:16 - 2017-02-20 12:16 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2017-02-20 12:11 - 2017-02-20 12:11 - 00405536 _____ C:\Windows\system32\MpKsljsDmE.dll
2017-02-20 12:10 - 2017-02-20 12:10 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2017-02-20 11:21 - 2017-02-20 12:54 - 00000000 ___HD C:\Users\Lee\Documents\Oppai Slider
2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ___HD C:\Users\Lee\Downloads\[051125][ILLUSION](205861) Oppai Slider 2 (1DVD)(iso+mds)
2017-02-18 12:26 - 2017-02-18 12:26 - 00000000 ____D C:\Users\Lee\Downloads\FormatFactory.3.9.portable
2017-02-18 11:32 - 2017-02-18 12:14 - 118751860 _____ C:\Users\Lee\Downloads\FormatFactory.3.9.portable.rar
2017-02-17 14:32 - 2017-03-04 09:00 - 00000000 ___RD C:\Users\Lee\SkyDrive
2017-02-17 11:42 - 2017-02-17 11:42 - 00001108 _____ C:\Users\Lee\Desktop\Calculator.lnk
2017-02-16 21:04 - 2017-02-16 21:04 - 00000210 _____ C:\Users\Lee\Desktop\MapleStory Status Checker.URL
2017-02-16 17:52 - 2017-02-16 18:21 - 00077552 _____ C:\Users\Lee\Desktop\AS_Latency_Check.txt
2017-02-16 17:51 - 2017-02-16 17:51 - 00001626 _____ C:\Users\Lee\Downloads\Asiasoft_Network_Diagnostic_Tool.bat
2017-02-16 06:55 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Macromedia
2017-02-16 06:54 - 2017-02-16 06:54 - 00000000 ____D C:\ProgramData\McAfee
2017-02-16 06:51 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Adobe
2017-02-15 22:01 - 2017-02-15 22:01 - 00000000 ____D C:\ProgramData\Nexon
2017-02-14 20:41 - 2017-02-14 20:41 - 00001178 _____ C:\Users\Public\Desktop\MapleStorySEA.lnk
2017-02-14 20:40 - 2017-02-14 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizet
2017-02-14 20:27 - 2017-02-14 20:27 - 00000000 ____D C:\Program Files (x86)\Wizet
2017-02-14 14:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-02-14 14:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-02-14 14:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-02-14 14:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-02-14 14:16 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-02-14 14:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-02-14 14:16 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-02-14 14:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-02-14 14:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-02-14 14:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-02-14 14:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-02-14 14:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-02-14 14:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-02-14 14:14 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-02-14 14:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-02-14 14:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-02-14 14:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-02-14 14:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-02-14 14:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-02-14 14:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-02-14 14:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-02-14 14:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-02-14 14:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-02-14 14:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-02-14 14:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-02-14 14:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-02-14 14:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-02-14 14:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-02-14 14:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-02-14 14:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-02-14 14:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-02-14 14:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-02-14 14:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-02-14 14:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-02-14 14:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-02-14 14:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-02-14 14:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-02-14 14:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-02-14 14:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-02-14 14:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-02-14 14:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-02-14 14:12 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-02-14 14:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-02-14 14:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-02-14 14:12 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-02-14 14:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-02-14 14:12 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-02-14 14:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-02-14 14:11 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-02-14 14:11 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-02-14 14:11 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-02-14 14:11 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-02-14 14:11 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-02-14 14:11 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-02-14 14:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-02-14 14:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-02-14 14:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-02-14 14:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-02-14 14:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-02-14 14:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-02-14 14:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-02-14 14:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-02-14 14:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-02-14 14:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-02-14 14:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-02-14 14:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-02-14 14:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-02-14 14:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-02-14 14:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-02-14 14:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-02-14 14:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-02-14 14:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-02-14 14:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-02-14 14:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-02-14 14:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-02-14 14:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-02-14 14:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-02-14 14:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-02-14 14:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-02-14 14:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-02-14 14:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-02-14 14:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-02-14 14:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-02-14 14:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-02-14 14:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-02-14 14:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-02-14 14:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-02-14 14:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-02-14 14:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-02-14 14:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-02-14 14:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-02-14 14:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-02-14 14:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-02-14 14:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-02-14 14:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-02-14 14:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-02-14 14:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-02-14 14:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-02-14 14:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-02-14 14:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Sun
2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Sun
2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-14 13:25 - 2017-02-14 13:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-14 13:24 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Oracle
2017-02-14 13:24 - 2017-02-14 13:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-14 13:13 - 2017-02-14 13:13 - 00738880 _____ (Oracle Corporation) C:\Users\Lee\Downloads\jxpiinstall.exe
2017-02-12 19:38 - 2017-03-01 12:40 - 00371712 ___SH C:\Users\Lee\Downloads\Thumbs.db
2017-02-11 20:26 - 2017-03-04 10:17 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
2017-02-11 09:38 - 2017-02-11 09:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\OpenOffice
2017-02-11 09:31 - 2017-02-11 09:31 - 00001154 _____ C:\Users\Lee\Desktop\Wordpad.lnk
2017-02-10 20:34 - 2017-02-10 20:35 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-02-10 20:34 - 2017-02-10 20:34 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
2017-02-10 20:34 - 2017-02-10 20:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-02-10 20:32 - 2017-02-10 20:32 - 00000000 ____D C:\Users\Lee\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-02-10 18:55 - 2017-02-10 19:54 - 140742472 _____ C:\Users\Lee\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-02-10 16:29 - 2017-02-10 16:29 - 01038336 _____ C:\Users\Lee\Downloads\PlayparkDownloader_v0.3.6.1.msi
2017-02-10 16:29 - 2017-02-10 16:29 - 00003101 _____ C:\Users\Lee\Desktop\Playpark Downloader.lnk
2017-02-10 16:29 - 2017-02-10 16:29 - 00003061 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
2017-02-10 16:29 - 2017-02-10 16:29 - 00000000 ____D C:\Program Files (x86)\Asiasoft Online
2017-02-10 14:06 - 2017-02-10 14:06 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA Corporation
2017-02-10 14:05 - 2017-02-10 14:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 14:03 - 2016-04-14 13:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-10 14:03 - 2016-04-14 13:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-10 14:03 - 2016-04-14 13:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\Users\Lee\AppData\Local\TeamViewer
2017-02-10 07:27 - 2017-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-10 07:27 - 2017-02-10 07:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-10 07:27 - 2017-02-10 07:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-10 07:27 - 2017-02-10 07:27 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TeamViewer
2017-02-10 07:23 - 2017-02-10 07:26 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lee\Downloads\TeamViewer_Setup.exe
2017-02-10 07:22 - 2017-02-27 18:53 - 00000000 ____D C:\Users\Lee\Documents\temp
2017-02-10 07:22 - 2017-02-10 07:22 - 00000000 ____D C:\GvTemp
2017-02-10 07:20 - 2017-02-10 07:20 - 00331464 _____ C:\Windows\Minidump\021017-39078-01.dmp
2017-02-09 20:56 - 2017-02-22 21:34 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA
2017-02-09 20:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-02-09 20:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-02-09 20:53 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 20:53 - 2016-01-23 09:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-09 20:52 - 2016-01-23 11:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-09 20:52 - 2016-01-23 11:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-02-09 20:50 - 2016-01-23 09:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 20:50 - 2016-01-23 09:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-09 20:50 - 2016-01-23 05:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 20:48 - 2016-01-23 11:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
2017-02-09 20:48 - 2016-01-23 11:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-09 20:46 - 2016-01-23 11:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-09 20:46 - 2016-01-23 11:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-09 20:37 - 2017-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-02-09 20:37 - 2017-02-09 20:37 - 00002767 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
2017-02-09 20:37 - 2017-02-09 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-02-09 20:36 - 2017-02-09 20:36 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2017-02-09 19:58 - 2017-02-20 13:49 - 00000000 ____D C:\Users\Lee\AppData\Roaming\MPC-HC
2017-02-09 19:56 - 2017-02-09 19:56 - 00001239 _____ C:\Users\Lee\Desktop\Media Player Classic.lnk
2017-02-09 18:55 - 2017-02-09 18:55 - 00003156 _____ C:\Windows\System32\Tasks\klcp_update
2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-02-09 18:54 - 2016-05-08 18:27 - 03613696 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2017-02-09 18:54 - 2016-05-08 18:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2017-02-09 18:54 - 2015-12-18 18:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
2017-02-09 18:54 - 2015-10-25 01:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2017-02-09 18:54 - 2012-07-21 19:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2017-02-09 18:54 - 2012-07-21 19:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2017-02-09 18:54 - 2011-12-08 02:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2017-02-09 18:54 - 2011-12-08 02:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2017-02-09 18:25 - 2017-02-09 18:31 - 43807219 _____ (KLCP ) C:\Users\Lee\Downloads\K-Lite_Codec_Pack_1290_Mega.exe
2017-02-09 18:23 - 2017-02-09 18:24 - 01006644 _____ ( ) C:\Users\Lee\Downloads\CodecTweakTool_615.exe
2017-02-09 18:05 - 2017-03-04 11:55 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Mozilla
2017-02-09 17:21 - 2017-02-09 18:16 - 00000000 ____D C:\Users\Lee\AppData\Local\Mozilla
2017-02-09 17:21 - 2017-02-09 18:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Mozilla
2017-02-09 17:21 - 2017-02-09 17:21 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 17:21 - 2017-02-09 17:21 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 17:21 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 17:20 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-09 16:23 - 2017-02-09 16:24 - 00410408 _____ C:\Windows\Minidump\020917-21218-01.dmp
2017-02-09 09:53 - 2017-02-10 07:20 - 00000000 ____D C:\Windows\Minidump
2017-02-09 09:53 - 2017-02-10 07:19 - 271268873 _____ C:\Windows\MEMORY.DMP
2017-02-09 09:53 - 2017-02-09 09:54 - 00379704 _____ C:\Windows\Minidump\020917-23109-01.dmp
2017-02-09 06:22 - 2017-02-09 06:17 - 00000355 __RSH C:\Boot.ini.saved
2017-02-09 06:22 - 2013-08-22 13:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-02-09 06:17 - 2017-02-09 06:17 - 00008192 __RSH C:\BOOTSECT.BAK
2017-02-09 06:17 - 2017-02-08 14:47 - 00000000 ____D C:\Windows\Panther
2017-02-09 06:17 - 2012-06-18 13:10 - 00000211 ____H C:\Boot.BAK
2017-02-09 06:09 - 2017-02-12 06:03 - 00000000 ____D C:\Windows.old
2017-02-08 22:26 - 2017-02-08 22:26 - 00405632 _____ C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
2017-02-08 22:25 - 2017-02-08 22:26 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Tmp
2017-02-08 22:25 - 2017-02-08 22:25 - 00000000 ____D C:\Windows\OEM8
2017-02-08 18:04 - 2017-02-08 18:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-08 17:25 - 2017-02-08 17:25 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 17:25 - 2016-09-10 02:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-08 17:25 - 2016-09-10 02:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-02-08 17:25 - 2016-09-10 02:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-08 17:25 - 2016-09-10 02:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-08 17:24 - 2017-03-04 08:59 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 17:24 - 2017-01-04 15:31 - 00222648 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-08 17:24 - 2017-01-04 15:31 - 00210360 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-08 16:29 - 2017-02-24 13:09 - 00443438 _____ C:\Windows\system32\prfh0804.dat
2017-02-08 16:29 - 2017-02-24 13:09 - 00135458 _____ C:\Windows\system32\prfc0804.dat
2017-02-08 16:29 - 2017-02-08 16:27 - 00113084 _____ C:\Windows\system32\prfi0804.dat
2017-02-08 16:29 - 2017-02-08 16:27 - 00033362 _____ C:\Windows\system32\prfd0804.dat
2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\SysWOW64\zh-HANS
2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\system32\zh-HANS
2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-08 15:05 - 2017-02-08 15:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Macromedia
2017-02-08 14:54 - 2017-02-17 14:32 - 00000000 ___RD C:\Users\Lee\SkyDrive.old
2017-02-08 14:53 - 2017-03-04 12:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1811311261-2537790386-1638266141-1001
2017-02-08 14:50 - 2017-02-16 07:28 - 01358934 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 14:48 - 2017-02-08 14:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-08 14:47 - 2017-02-27 18:00 - 00000000 ____D C:\Users\Lee\AppData\Local\VirtualStore
2017-02-08 14:47 - 2017-02-27 17:48 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
2017-02-08 14:47 - 2017-02-08 14:47 - 00001446 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-08 14:47 - 2017-02-08 14:47 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Adobe
2017-02-08 14:46 - 2017-02-22 21:32 - 00000000 ____D C:\Users\Lee
2017-02-08 14:46 - 2017-02-08 14:46 - 00000020 ___SH C:\Users\Lee\ntuser.ini
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\My Documents
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Videos
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Pictures
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Music
2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 ____D C:\Windows\CSC
2017-02-08 14:46 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Media Center Programs
2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\NVIDIA
2017-02-07 17:53 - 2017-02-07 18:05 - 00000000 ____D C:\Documents and Settings 2
2017-02-07 17:53 - 2017-02-07 17:53 - 00000000 ____D C:\program files2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-04 08:59 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 20:57 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-02 13:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-02 12:55 - 2013-08-22 22:44 - 00369184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-28 14:21 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2017-02-27 20:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-27 15:26 - 2015-12-22 23:49 - 00000000 ___HD C:\Peter
2017-02-24 20:17 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2017-02-24 13:09 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\MUI
2017-02-18 12:25 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-10 20:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-09 20:53 - 2012-06-18 13:21 - 00000000 ____D C:\Temp
2017-02-09 20:50 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Help
2017-02-09 06:17 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2017-02-08 18:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-08 16:27 - 2013-08-23 03:11 - 00000000 ____D C:\Program Files\Windows Journal
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\winrm
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\winrm
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\WCN
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\slmgr
2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___SD C:\Windows\system32\dsc
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Com
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\IME
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\FileManager
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\oobe
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Dism
2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\servicing
2017-02-08 15:08 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-08 14:47 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Camera
==================== Files in the root of some directories =======
2017-02-08 22:26 - 2017-02-08 22:26 - 0405632 _____ () C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
Some files in TEMP:
====================
2017-02-16 17:21 - 2017-02-16 17:21 - 0000512 _____ () C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
2017-02-16 17:21 - 2017-02-26 16:29 - 0000056 _____ () C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll
2017-03-03 20:55 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\AppData\Local\Temp\HitmanPro.exe
2017-02-08 17:25 - 2016-12-29 20:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-09 20:47 - 2016-12-29 20:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvStInst.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-23 07:07
==================== End of FRST.txt ============================
#10
Posted 03 March 2017 - 10:15 PM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
Ran by Lee (04-03-2017 12:05:43)
Running from C:\Users\Lee\Documents\Virus\geekstogo
Windows 8.1 Pro with Media Center (X64) (2017-02-08 06:47:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1811311261-2537790386-1638266141-500 - Administrator - Disabled)
Guest (S-1-5-21-1811311261-2537790386-1638266141-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1811311261-2537790386-1638266141-1003 - Limited - Enabled)
Lee (S-1-5-21-1811311261-2537790386-1638266141-1001 - Administrator - Enabled) => C:\Users\Lee
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)
ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
MapleStorySEA version 1.50 (HKLM-x32\...\{838168F3-D9F3-4FC0-B818-1E6E7B7831D5}_is1) (Version: 1.50 - Asiasoft Online Pte.Ltd.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
μTorrent (HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1B7E15E4-76FB-4718-A15A-6F7E5136B5FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-02-09 20:50 - 2016-01-23 09:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-02-09 20:54 - 2016-06-15 09:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-02-09 20:54 - 2016-06-15 09:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-02-10 14:05 - 2016-06-15 09:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-02-08 22:26 - 2017-02-08 22:26 - 00267264 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
2017-02-10 08:28 - 2017-02-10 08:29 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 21:25 - 2017-03-02 12:53 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 xhamsterxxx.xyz
127.0.0.1 www.duba.com
127.0.0.1
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WmgpService => 3
HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\StartupApproved\Run: => "AlcoholAutomount"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3D6F92E3-5410-4DE7-B339-F5E136873626}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6AFA09-7D4F-442A-8CE8-E94012BEFA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{946B61ED-7E76-40CE-B325-817EE0A737C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{375D0796-CF8C-4FED-8D6E-5B15F65BFE48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4A9CC1BB-C7CD-414D-917F-15A8EED342CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B85BA918-4485-43EE-9449-D5648F7C5D9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2E68CAFE-BCAF-4CDA-87BA-65E678FE5BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{71CA6087-8F98-49D6-81B7-5F2EF7A2876C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CEE6F92C-DA85-42D5-8549-20A47DEFDB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D022D86D-9A8B-462D-983A-569475070C34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51B6253F-D390-415D-8D37-2148E279EAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{85D540F2-E186-4B47-B1F3-F579F19CF756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B4CEF642-48ED-48A5-A461-3927C62A95F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C96E1ACA-8541-49DF-95C8-BF33A252A5DE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{D68801A9-2992-4058-9E70-7679EE1A8E61}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{91938808-AF53-46DD-BA75-446E783DD0C4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F08F38FA-6230-4309-8C10-7DBC9D0D570D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{9C817201-D5D9-4144-9ACA-E5DBAEA3489A}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
FirewallRules: [{3D880ABF-D6D1-4019-B36E-3A2187F73D15}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
FirewallRules: [{CA42FA96-8EB6-4DFD-8A62-D29BF3B079B4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
FirewallRules: [{4F8A94C2-39B0-40E1-86EB-64545DB9C0E4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
FirewallRules: [{860A50E9-9789-4ECA-9041-B147550F8DB2}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
FirewallRules: [{33B1BA51-BEB5-458C-9B75-600C14CF0AC8}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
FirewallRules: [{755296EB-0819-4537-9994-151B706F1DEE}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
FirewallRules: [{7DFD6D21-7FEB-44C3-B617-5564864043A7}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
FirewallRules: [{DBD0BBFB-14BE-455A-98BB-AD67B065BF22}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
FirewallRules: [{552BEAB5-5A76-4ED1-81BB-5384C11E80DE}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
FirewallRules: [{F52A5708-F3E7-45EE-B616-B5D24B48721B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{5C95202A-2C7E-4A12-870D-7446E5F28B8E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{7856266E-56C8-4874-9F8E-E5D1FEFA279F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{24885D04-D094-4341-9EFD-225DEBB8B1A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{520FA5FB-7D30-416D-983D-5B159E4B27D3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{360BF758-9FCD-4BF8-89FB-DA267AA6F92C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{09E5A488-7AEB-4C2A-8AA7-69B6B264DB60}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F65CD03-5030-47F8-BD17-D413DEBDC391}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E2C7DBA4-C68F-4D6A-BA56-1D314404092F}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37522116-8C98-4992-9973-12FDFCB8DF29}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E04F20B-22A6-4B02-AB1E-5BA1A6BAEF4D}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8EC7065-46E9-4F2D-A7F6-A4E664C8CA42}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5DFB6AF9-41C6-41FD-975B-459E654BA093}] => (Allow) %ProgramFiles% (x86)\Wizet\MapleStorySEA\MapleStory.exe
FirewallRules: [{02A081D6-A909-40FC-A7B9-D1A641FE3872}] => (Allow) C:\Windows\Explorer.EXE
FirewallRules: [{B713A9BB-3A39-4367-84E8-1BB4F0593DD6}] => (Allow) C:\Windows\Explorer.EXE
==================== Restore Points =========================
03-03-2017 07:12:53 JRT Pre-Junkware Removal
03-03-2017 21:24:45 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2017 10:17:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
Faulting module name: jscript9.dll, version: 11.0.9600.16384, time stamp: 0x52158459
Exception code: 0xc0000005
Fault offset: 0x0035628b
Faulting process id: 0x172c
Faulting application start time: 0x01d2948d1d885224
Faulting application path: c:\windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\jscript9.dll
Report Id: bebcade2-0080-11e7-8287-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/04/2017 10:01:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x5774b37e
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16384, time stamp: 0x52158f2d
Exception code: 0xc000041d
Fault offset: 0x00013d67
Faulting process id: 0x764
Faulting application start time: 0x01d2948b3fe9a5af
Faulting application path: c:\windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: 85701051-007e-11e7-8287-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/04/2017 09:58:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x57cd2fb9
Exception code: 0xc0000005
Fault offset: 0x00040c43
Faulting process id: 0x15b0
Faulting application start time: 0x01d2948ad3c6d88f
Faulting application path: c:\windows\SysWOW64\svchost.exe
Faulting module path: c:\windows\SysWOW64\svchost.exe
Report Id: 1c1d4976-007e-11e7-8287-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/04/2017 09:46:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc0000005
Fault offset: 0x000db6e0
Faulting process id: 0xf18
Faulting application start time: 0x01d29482b113b353
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: 61157c5c-007c-11e7-8287-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/04/2017 09:46:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc00001a5
Fault offset: 0x016d35d9
Faulting process id: 0xf18
Faulting application start time: 0x01d29482b113b353
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: 5f2f1c99-007c-11e7-8287-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/04/2017 09:00:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/04/2017 09:00:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (03/03/2017 10:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc0000005
Fault offset: 0x0107f484
Faulting process id: 0xf48
Faulting application start time: 0x01d29426ff5f1d4c
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: 4f1a98ba-001a-11e7-8286-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 10:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
Exception code: 0xc00001a5
Fault offset: 0x016d101b
Faulting process id: 0xf48
Faulting application start time: 0x01d29426ff5f1d4c
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\SysWOW64\svchost.exe
Report Id: 4dfaa5aa-001a-11e7-8286-20cf30859c12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2017 09:36:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (1340) IndexedDb: Database recovery/restore failed with unexpected error -1216.
System errors:
=============
Error: (03/04/2017 11:15:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (03/04/2017 10:08:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (03/03/2017 10:10:07 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (03/03/2017 09:25:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
The service did not start due to a logon failure.
Error: (03/03/2017 09:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.
CodeIntegrity:
===================================
Date: 2017-02-08 17:21:22.165
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 2047.11 MB
Available physical RAM: 1064.62 MB
Total Virtual: 4095.11 MB
Available Virtual: 2512.18 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.78 GB) (Free:113.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:57.35 GB) NTFS
Drive f: (KINGSTON32) (Removable) (Total:29.28 GB) (Free:2.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 87A087A0)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 3351A1EF)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#11
Posted 03 March 2017 - 10:17 PM
C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
Detection ratio: 0/58
2 files below not shown:
C:\Windows\system32\MpKsluhmVv.dll - Detection ratio: 3/57
renamed to mpksluhmvv.dll
DrWeb Trojan.Gudr.2 20170303
Qihoo-360 Trojan.Generic 20170303
Tencent Win32.Rootkit.Gen.Tsjh 20170303
C:\Windows\system32\MpKsljsDmE.dll - Detection ratio: 3/57
renamed to mpksljsdme.dll
DrWeb Trojan.Gudr.2 20170303
Qihoo-360 Trojan.Generic 20170303
Tencent Win32.Rootkit.Gen.Tsjh 20170303
#12
Posted 04 March 2017 - 08:11 AM
Could you answer my questions from the previous post?
#13
Posted 04 March 2017 - 08:38 AM
TeamViewer? yes
SoftEther VPN Client? yes
完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)? Translates from Japanese as Perfect Model no idea what it does. = Perfect World - game from China - installed
ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)? = Japanese game
ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION) ? - Japanese game
#14
Posted 04 March 2017 - 08:44 AM
OK. If either of the first two is set up to allow remote access, change the passwords and make them at least 8 characters, and don't use words that might be in a dictionary.
#15
Posted 04 March 2017 - 08:49 AM
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Lee (04-03-2017 22:40:55) Run:1
Running from C:\Users\Lee\Documents\Virus\geekstogo
Loaded Profiles: Lee (Available Profiles: Lee)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: del /a /q c:\windows\prefetch\*.pf
ShellIconOverlayIdentifiers: [StorageProviderErrorEx] -> {1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll [2017-02-08] ()
C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power
GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin-x32: @wanmei.com/npArcPlayNowPlugin -> [No File]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-02-26 08:04 - 2017-02-26 08:04 - 00405536 _____ C:\Windows\system32\MpKsluhmVv.dll
2017-02-20 12:11 - 2017-02-20 12:11 - 00405536 _____ C:\Windows\system32\MpKsljsDmE.dll
2017-02-08 22:26 - 2017-02-08 22:26 - 00405632 _____ C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
2017-02-08 22:26 - 2017-02-08 22:26 - 0405632 _____ () C:\Users\Lee\AppData\Roaming\qd1486563965.sy_
2017-02-16 17:21 - 2017-02-16 17:21 - 0000512 _____ () C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
2017-02-16 17:21 - 2017-02-26 16:29 - 0000056 _____ () C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699}\InprocServer32 -> no filepath
2017-02-08 22:26 - 2017-02-08 22:26 - 00267264 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
reboot:
*****************
========= del /a /q c:\windows\prefetch\*.pf =========
========= End of CMD: =========
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\StorageProviderErrorEx => key removed successfully
HKCR\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => key not found.
C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@wanmei.com/npArcPlayNowPlugin => key removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
C:\Windows\system32\MpKsluhmVv.dll => moved successfully
C:\Windows\system32\MpKsljsDmE.dll => moved successfully
C:\Users\Lee\AppData\Roaming\qd1486563965.sy_ => moved successfully
"C:\Users\Lee\AppData\Roaming\qd1486563965.sy_" => not found.
C:\Users\Lee\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll => moved successfully
C:\Users\Lee\AppData\Local\Temp\711b6bd6e9321fbd57eb396eb6436e7f.dll => moved successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F4BD64D-C4B6-2C56-6271-9528F68E902C} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F527C76-757F-A71E-C1E3-607BC2A6F5BC} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F7302C3-487D-F915-4D3C-9664CDDCB4C2} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{1F8B7A22-F28E-BC0D-F842-EC9C65A7C699} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E0D4D73-3AB0-4B3A-F33C-81AE7BF00382} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E4BD64D-C4B6-2C56-6271-9528F68E902C} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E527C76-757F-A71E-C1E3-607BC2A6F5BC} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E7302C3-487D-F915-4D3C-9664CDDCB4C2} => key removed successfully
HKU\S-1-5-21-1811311261-2537790386-1638266141-1001_Classes\CLSID\{2E8B7A22-F28E-BC0D-F842-EC9C65A7C699} => key removed successfully
"C:\Users\Lee\AppData\Local\Microsoft\Windows\Explorer\Power\Power64.dll" => not found.
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 22:41:38 ====