FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Lee (administrator) on MSI on 21-07-2015 10:35:49
Running from C:\Users\Lee\Downloads\Programs
Loaded Profiles: Lee (Available Profiles: Lee)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() D:\Online Game\Garena\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-08-19] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-08-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-03] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-03] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-01-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-22] (MSI)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-28] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1079216 2012-07-13] (Shenzhen QVOD Technology Co.,Ltd)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-27] (SteelSeries ApS)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-17] (Tonec Inc.)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Run: [Steam] => D:\Online Game\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-08-22]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Users\Lee\AppData\Local\Giraffe\Giraffe.dll [2015-04-05] (Funshion)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61906;https=127.0.0.1:61906
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2144783805-3887696613-600744108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2144783805-3887696613-600744108-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=58051076_oem_dg&ch=33
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend.dll [2012-04-21] (Shenzhen QVOD Technology Co.,Ltd)
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-15] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DA06E88B-1DFE-43E0-906D-3AF7D182CABA}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ppdgijms.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-11] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-04-07] (Nexon)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [2012-07-20] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Online Game\Garena\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.12.0.5\npxgax.dll No File
FF Plugin HKU\S-1-5-21-2144783805-3887696613-600744108-1001: gf2.gameflier.com/WebLauncher -> C:\GF2_WebLaunch\npWebLauncher.dll No File
FF HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lee\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Lee\AppData\Roaming\IDM\idmmzcc5 [2015-05-02]
FF HKU\S-1-5-21-2144783805-3887696613-600744108-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lee\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-29]
CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-29]
CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-29]
CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-29]
CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-29]
CHR Extension: (Google Sheets) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-29]
CHR Extension: (IDM Integration Module) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-06-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Google Wallet) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-12]
CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-28] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-28] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-28] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-08-19] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-08-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-03] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-22] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3419048 2014-09-03] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-18] (Qualcomm Atheros) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-11] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-28] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-04] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-08-19] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-28] (Qualcomm Atheros, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28640 2015-04-29] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466648 2014-08-19] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-28] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-08] ()
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 10:35 - 2015-07-21 10:35 - 00000000 ____D C:\FRST
2015-07-21 10:33 - 2015-07-21 10:33 - 00688992 _____ (Swearware) C:\Users\Lee\Downloads\dds.scr
2015-07-20 13:00 - 2015-07-20 13:00 - 00000710 _____ C:\Users\Lee\Downloads\Desktop - Shortcut.lnk
2015-07-19 23:23 - 2015-07-19 23:23 - 00000000 ____D C:\Users\Public\Fundata
2015-07-19 10:57 - 2015-07-21 01:30 - 00000000 ____D C:\Users\Lee\Desktop\ClashBot_7.4
2015-07-17 07:20 - 2015-07-14 07:27 - 2668893206 _____ C:\Users\Lee\Desktop\2015-07-14 - [Comedy Movie - US]【Spy 女间谍】.mp4
2015-07-17 07:20 - 2015-07-13 05:37 - 2307238387 _____ C:\Users\Lee\Desktop\2015-07-14 - [Comedy Movie - US]【Ted 2 泰迪熊 2】.mp4
2015-07-17 02:08 - 2015-07-17 02:08 - 00001059 _____ C:\Users\Public\Desktop\快播.lnk
2015-07-17 02:08 - 2015-07-17 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
2015-07-17 02:07 - 2015-07-17 02:08 - 00000000 ____D C:\Program Files (x86)\QvodPlayer
2015-07-17 01:47 - 2015-07-17 01:52 - 00000000 ____D C:\Users\Lee\Desktop\NBA 2K14
2015-07-17 01:46 - 2015-07-17 01:46 - 00000000 ____D C:\ProgramData\Steam
2015-07-17 00:17 - 2015-07-21 00:38 - 00003426 _____ C:\Windows\setupact.log
2015-07-17 00:17 - 2015-07-17 00:17 - 00000000 _____ C:\Windows\setuperr.log
2015-07-17 00:16 - 2015-07-17 00:17 - 00492656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 14:53 - 2015-07-21 10:36 - 00818877 _____ C:\Windows\WindowsUpdate.log
2015-07-16 05:01 - 2015-06-30 06:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 05:01 - 2015-06-29 23:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 05:01 - 2015-06-29 23:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 05:01 - 2015-06-27 07:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 05:01 - 2015-06-27 07:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 05:01 - 2015-05-12 21:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-16 05:01 - 2015-05-12 02:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-16 05:01 - 2015-05-12 00:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-16 05:01 - 2015-05-08 01:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-16 05:01 - 2015-05-08 01:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-16 05:01 - 2015-05-08 00:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-16 05:01 - 2015-05-08 00:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-16 05:01 - 2015-05-07 23:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-16 05:01 - 2015-05-07 23:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-16 05:01 - 2015-05-03 23:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 05:01 - 2015-05-03 23:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-16 05:01 - 2015-05-03 22:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 05:01 - 2015-05-03 22:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 05:01 - 2015-05-03 22:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-16 05:01 - 2015-05-03 22:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-16 05:01 - 2015-05-03 08:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-16 05:01 - 2015-05-02 07:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-16 05:01 - 2015-04-30 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-16 05:01 - 2015-04-28 21:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-16 05:01 - 2015-04-28 21:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-16 05:01 - 2015-04-25 10:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-16 05:01 - 2015-04-23 23:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-16 05:01 - 2015-04-23 23:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-16 05:01 - 2014-11-05 03:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-16 05:01 - 2014-11-05 03:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-16 05:01 - 2014-11-04 14:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-16 05:01 - 2014-11-04 14:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-16 05:01 - 2014-11-04 14:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-16 05:01 - 2014-11-04 14:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 10:36 - 2015-07-10 03:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 10:36 - 2015-07-10 02:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 10:36 - 2015-07-10 00:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 10:36 - 2015-07-09 23:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 10:36 - 2015-07-09 23:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 10:36 - 2015-07-09 23:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 10:36 - 2015-07-09 23:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 10:36 - 2015-07-09 23:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 10:36 - 2015-07-09 23:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 10:36 - 2015-07-09 23:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 10:36 - 2015-07-09 23:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 10:36 - 2015-07-09 23:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 10:36 - 2015-07-09 23:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 10:36 - 2015-06-27 11:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 10:36 - 2015-06-27 11:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 10:36 - 2015-06-27 10:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 10:35 - 2015-07-03 21:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 10:35 - 2015-07-03 21:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 10:35 - 2015-07-03 21:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 10:35 - 2015-07-03 21:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 10:35 - 2015-07-03 05:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 10:35 - 2015-07-03 04:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 10:35 - 2015-07-03 04:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 10:35 - 2015-07-03 04:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 10:35 - 2015-07-03 04:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 10:35 - 2015-07-03 03:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 10:35 - 2015-07-03 03:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 10:35 - 2015-07-03 02:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 10:35 - 2015-07-02 06:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 10:35 - 2015-07-02 05:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 10:35 - 2015-06-28 13:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 10:35 - 2015-06-28 13:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 10:35 - 2015-06-28 13:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 10:35 - 2015-06-28 13:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 10:35 - 2015-06-28 00:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 10:35 - 2015-06-27 11:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 10:35 - 2015-06-27 11:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:35 - 2015-06-27 11:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 10:35 - 2015-06-27 10:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 10:35 - 2015-06-27 10:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 10:35 - 2015-06-27 10:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 10:35 - 2015-06-27 09:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 10:35 - 2015-06-27 09:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 10:35 - 2015-06-25 10:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 10:35 - 2015-06-16 13:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 10:35 - 2015-06-16 13:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 10:35 - 2015-06-16 06:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 10:35 - 2015-06-16 06:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 10:35 - 2015-06-16 06:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 10:35 - 2015-06-16 06:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 10:35 - 2015-06-16 06:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 10:35 - 2015-06-16 06:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 10:35 - 2015-06-16 06:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 10:35 - 2015-06-16 05:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 10:35 - 2015-06-16 05:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 10:35 - 2015-06-16 05:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 10:35 - 2015-06-16 05:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 10:35 - 2015-06-16 05:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 10:35 - 2015-06-16 05:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 10:35 - 2015-06-16 05:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 10:35 - 2015-06-16 05:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 10:35 - 2015-06-16 05:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 10:35 - 2015-06-16 05:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 10:35 - 2015-06-16 05:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 10:35 - 2015-06-16 05:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 10:35 - 2015-06-16 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 10:35 - 2015-06-16 05:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 10:35 - 2015-06-16 05:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 10:35 - 2015-06-16 05:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 10:35 - 2015-06-16 04:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 10:35 - 2015-06-16 04:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 10:35 - 2015-06-16 04:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 10:35 - 2015-06-16 04:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 10:35 - 2015-06-16 04:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 10:35 - 2015-06-16 04:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 10:35 - 2015-06-16 04:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 10:35 - 2015-06-16 04:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 10:35 - 2015-06-16 04:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 10:35 - 2015-06-16 04:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 10:35 - 2015-06-16 04:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 10:35 - 2015-06-16 04:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 10:35 - 2015-06-16 04:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 10:35 - 2015-06-16 04:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 10:35 - 2015-06-16 04:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 10:35 - 2015-06-16 03:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 10:35 - 2015-06-11 11:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 10:35 - 2015-06-11 00:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 10:35 - 2015-05-31 05:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 10:35 - 2015-05-31 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 10:35 - 2015-05-31 03:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 10:35 - 2015-05-08 00:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 00:46 - 2015-07-15 00:46 - 00000731 _____ C:\Users\Lee\Desktop\NBA2K15 - Shortcut.lnk
2015-07-13 16:36 - 2015-07-19 10:45 - 00000024 _____ C:\Users\Lee\AppData\Roaming\appdataFr25.bin
2015-07-12 21:54 - 2015-07-12 21:54 - 00000665 _____ C:\INSTALL.LOG
2015-07-12 21:29 - 2015-07-21 00:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 21:29 - 2015-07-12 21:29 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 21:29 - 2015-07-12 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 21:29 - 2015-07-12 21:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 21:29 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-12 21:29 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-12 21:29 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-12 21:28 - 2015-07-12 21:28 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Lee\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 21:23 - 2015-07-12 21:23 - 02248704 _____ C:\Users\Lee\Downloads\adwcleaner_4.208.exe
2015-07-12 21:22 - 2015-07-12 21:22 - 00001990 _____ C:\Users\Lee\Desktop\Rkill.txt
2015-07-12 16:24 - 2015-07-12 18:13 - 00115679 _____ C:\spyhunter.fix
2015-07-12 16:24 - 2013-10-18 16:01 - 00285747 _____ C:\shldr
2015-07-12 16:24 - 2013-10-18 16:01 - 00008192 _____ C:\shldr.mbr
2015-07-12 15:08 - 2015-07-12 15:08 - 00003184 _____ C:\Windows\System32\Tasks\{ACD1E10F-76FC-4197-B5C1-1E07B9AFE5E8}
2015-07-12 14:36 - 2015-07-21 10:25 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 14:36 - 2015-07-21 01:46 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 14:36 - 2015-07-16 02:41 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-12 14:36 - 2015-07-16 02:41 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-12 14:25 - 2015-07-12 21:54 - 00000000 ____D C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-07-12 14:23 - 2015-07-12 14:23 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-07-12 14:13 - 2014-12-06 14:51 - 00000688 _____ C:\Users\Lee\Downloads\Instructions.txt
2015-07-12 13:44 - 2015-07-21 01:44 - 00000422 _____ C:\Windows\Tasks\EasyBank.job
2015-07-12 13:44 - 2015-07-12 13:44 - 00003304 _____ C:\Windows\System32\Tasks\EasyBank
2015-07-12 05:11 - 2015-07-12 05:11 - 00002146 _____ C:\Users\Lee\Desktop\Clash of Clans.lnk
2015-07-12 01:07 - 2015-07-12 01:07 - 00002358 _____ C:\Windows\system32\.crusader
2015-07-12 00:56 - 2015-07-12 01:07 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-11 11:42 - 2015-07-11 11:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-11 11:13 - 2015-07-11 11:13 - 00000000 _____ C:\autoexec.bat
2015-07-08 01:26 - 2015-07-08 01:26 - 00578899 _____ C:\Users\Lee\Downloads\Lab 2.zip
2015-07-07 17:37 - 2015-07-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-07 17:32 - 2015-07-07 17:32 - 00000000 ____D C:\Users\Lee\AppData\Local\My Games
2015-07-07 17:12 - 2015-07-07 17:12 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-07 17:08 - 2015-07-07 17:40 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-07-07 08:33 - 2015-07-12 14:28 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-07 08:26 - 2015-07-12 16:24 - 00000000 ____D C:\ProgramData\MFAData
2015-07-07 08:26 - 2015-07-07 08:26 - 00000000 ____D C:\Users\Lee\AppData\Local\MFAData
2015-06-29 03:36 - 2015-06-29 03:36 - 00000000 _____ C:\Users\Lee\AppData\Local\Temp.dat
2015-06-27 10:54 - 2015-07-07 08:06 - 00000086 _____ C:\Users\Lee\Desktop\Churp acc.txt
2015-06-24 12:15 - 2015-06-24 12:15 - 00329955 _____ C:\Users\Lee\Downloads\web-page-design.pptx
2015-06-24 02:08 - 2015-06-24 02:08 - 00050468 _____ C:\Users\Lee\Downloads\alex.pptx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 10:28 - 2015-03-16 01:28 - 00000000 ____D C:\ProgramData\QvodPlayer
2015-07-21 10:28 - 2015-03-15 16:46 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AABF9019-24A9-4F39-B0AB-A3B1E8DB659F}
2015-07-21 10:25 - 2015-03-15 03:13 - 00003470 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Lee
2015-07-21 10:25 - 2015-03-14 13:34 - 00000000 ___RD C:\Users\Lee\OneDrive
2015-07-21 01:57 - 2015-03-14 13:27 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
2015-07-21 00:58 - 2014-03-18 18:03 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 00:38 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 00:37 - 2015-06-03 09:54 - 00000000 ____D C:\AdwCleaner
2015-07-21 00:37 - 2013-08-22 21:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-20 20:00 - 2015-03-17 13:48 - 00000000 ____D C:\Users\Lee\Desktop\Camera1
2015-07-20 19:56 - 2015-03-28 21:32 - 00000000 ____D C:\Users\Lee\AppData\Roaming\DMCache
2015-07-20 19:30 - 2015-03-16 20:16 - 00000000 ____D C:\Windows\system32\MRT
2015-07-20 19:14 - 2015-03-14 13:33 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2144783805-3887696613-600744108-1001
2015-07-20 19:04 - 2015-05-29 17:31 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-07-20 17:32 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-19 23:23 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-07-19 10:57 - 2015-03-28 21:32 - 00000000 ____D C:\Users\Lee\Downloads\Compressed
2015-07-17 23:44 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-17 07:21 - 2015-03-22 14:11 - 01195520 ___SH C:\Users\Lee\Desktop\Thumbs.db
2015-07-17 02:24 - 2015-03-28 21:32 - 00000000 ____D C:\Users\Lee\Downloads\Video
2015-07-17 02:11 - 2015-03-14 22:24 - 00000000 ____D C:\Users\Lee\AppData\Roaming\2K Sports
2015-07-17 00:16 - 2015-04-05 01:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 00:16 - 2015-04-05 01:52 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-17 00:16 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 00:16 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
2015-07-16 22:46 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-07-16 14:09 - 2015-03-16 22:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 14:09 - 2015-03-16 22:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 12:28 - 2015-03-15 03:14 - 00000000 ____D C:\Users\Lee\AppData\Roaming\GarenaPlus
2015-07-16 12:28 - 2015-03-15 03:13 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-16 02:50 - 2015-03-16 01:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\NVIDIA
2015-07-14 05:10 - 2013-08-22 23:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 05:10 - 2013-08-22 23:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 16:34 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\addins
2015-07-12 19:47 - 2015-03-14 13:26 - 00000000 ____D C:\Users\Lee
2015-07-12 16:25 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 14:30 - 2015-03-16 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ì²¥Èí¼þ
2015-07-12 14:30 - 2015-03-14 18:27 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
2015-07-12 14:27 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-12 13:45 - 2015-05-29 17:34 - 00000000 ____D C:\ProgramData\12386142813810340278
2015-07-12 05:10 - 2015-05-29 17:31 - 00000000 ____D C:\Users\Lee\AppData\Roaming\NCH Software
2015-07-12 05:10 - 2015-05-20 09:22 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TunnelBear
2015-07-12 05:10 - 2014-08-22 08:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-11 11:51 - 2015-05-27 13:41 - 00000000 ____D C:\Users\Public\Documents\temp
2015-07-11 11:51 - 2015-04-05 23:12 - 00000000 ____D C:\Users\Lee\AppData\Roaming\FunUninstall
2015-07-11 11:51 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Branding
2015-07-11 11:05 - 2015-06-06 13:41 - 00000000 ____D C:\ProgramData\TechSmith
2015-07-08 21:21 - 2015-05-14 14:27 - 00051712 ___SH C:\Users\Lee\Downloads\Thumbs.db
2015-07-07 17:40 - 2015-06-12 00:21 - 00000000 ____D C:\Program Files\OBS
2015-07-07 17:40 - 2015-06-12 00:21 - 00000000 ____D C:\Program Files (x86)\OBS
2015-07-07 17:40 - 2015-06-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-07 08:37 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-05 18:08 - 2015-03-15 21:25 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:41 - 2015-05-18 16:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 08:43 - 2015-03-16 20:16 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-29 16:37 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-29 03:35 - 2015-04-30 12:40 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-29 03:35 - 2015-04-30 12:40 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-29 03:35 - 2015-03-14 13:27 - 00001452 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-27 10:57 - 2014-04-30 00:34 - 00000000 ____D C:\Windows\Panther
2015-06-24 09:59 - 2015-03-15 16:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-21 02:36 - 2015-06-04 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2015-06-21 02:36 - 2015-05-21 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreadOut
2015-06-21 02:36 - 2015-05-06 22:53 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RYL2 Blackout Full Client V7.0
2015-06-21 02:36 - 2015-04-29 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2015-06-21 02:36 - 2015-04-08 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GF
2015-06-21 02:36 - 2015-04-04 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\《完美世界》
2015-06-21 02:36 - 2015-04-04 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evil Warrior
2015-06-21 02:36 - 2015-04-02 14:55 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RYLOracle
==================== Files in the root of some directories =======
2015-07-13 16:36 - 2015-07-19 10:45 - 0000024 _____ () C:\Users\Lee\AppData\Roaming\appdataFr25.bin
2015-06-07 14:21 - 2015-06-08 01:34 - 0000022 _____ () C:\Users\Lee\AppData\Roaming\rep153697.txt
2015-04-02 04:24 - 2015-04-02 04:24 - 0045270 _____ () C:\Users\Lee\AppData\Roaming\room_v3.dat
2015-06-29 03:36 - 2015-06-29 03:36 - 0000000 _____ () C:\Users\Lee\AppData\Local\Temp.dat
2015-06-10 21:56 - 2015-06-10 21:56 - 0004887 _____ () C:\ProgramData\nolecicr.ofg
Some files in TEMP:
====================
C:\Users\Lee\AppData\Local\Temp\patch_3070302.exe
C:\Users\Lee\AppData\Local\Temp\patch_3070303.exe
C:\Users\Lee\AppData\Local\Temp\patch_3070401.exe
C:\Users\Lee\AppData\Local\Temp\Quarantine.exe
C:\Users\Lee\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-15 00:50
==================== End of log ============================