
delta-search search engine removal



Welcome to the forum, give this a try:

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Thanks for the prompt reply!

 

Here are the logs for AdwCleaner.

 

# AdwCleaner v3.010 - Report created 24/10/2013 at 19:43:22
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dou dou - DOUDOU-HP
# Running from : C:\Users\dou dou\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法\皮肤小盒子.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\dou dou\AppData\Roaming\Mozilla\Firefox\Profiles\h2de69z9.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1166 octets] - [24/10/2013 19:42:37]
AdwCleaner[s0].txt - [988 octets] - [24/10/2013 19:43:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1047 octets] ##########
 
 
 
Here are the logs for the MBAM scan.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.24.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
dou dou :: DOUDOU-HP [limited]
 
2013/10/24 21:11:50
mbam-log-2013-10-24 (21-11-50).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236072
Time elapsed: 4 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 2
C:\Program Files (x86)\360\360safe\360LeakFixPlugin.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\360\360safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Delete on reboot.
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Program Files (x86)\360\360safe\360LeakFixPlugin.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\360\360safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Delete on reboot.
 
(end)
 
Thank you!

OK.....now check Chrome settings....

For Chrome...........

First make sure you have the latest version of Chrome:

Open up Chrome > Click on the 3 bars in the upper right hand corner

Click on About Google Chrome

If there's an update available it will automatically update

Next:

Go to Tools > Clear Browser Data

Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache
Click "Clear Browsing Data"

-------------------------------

Next:

Click the Chrome menu on the browser toolbar.

Select Settings.

In the "Search" section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu.

Select Settings.

In the "On startup" section, select Open a specific page or set of pages.

Click Set pages. (in blue to the right)

Remove any unfamiliar pages.

-----------------------

Click the Chrome menu.

Select Settings.

In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

If the page isn't the home page you'd like to use, click Change and select your preferred page.

-------------------------

Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

Let me know.....MrC

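An added example, not part of the original thread or any tool named in it: a script-based version of the extension check described in the post above. It walks a Chrome profile's Extensions folder (the `User Data\Default\Extensions\<id>\<version>` layout seen in the paths in this thread), reads each `manifest.json`, and flags extensions that use the `chrome_settings_overrides` manifest key to take over the home page, search provider or startup pages, or that request site-wide permissions. The list of permissions treated as broad is this example's own choice, and the extension IDs and names in the sample are constructed.

```python
import json
import re
import sys
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from a-p; other folders (e.g. Temp) are skipped.
EXT_ID = re.compile(r"^[a-p]{32}$")
# Assumed review list: permissions that reach every site or manage other extensions.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "webRequest", "webRequestBlocking", "proxy", "management"}
# Settings an extension can take over through the chrome_settings_overrides manifest key.
OVERRIDE_KEYS = ("homepage", "search_provider", "startup_pages")


def load_json(path):
    """Read a JSON file (tolerating a UTF-8 BOM); return None if missing or malformed."""
    try:
        return json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None


def display_name(version_dir, manifest):
    """Resolve a localized __MSG_key__ name via _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", "?"))
    match = re.fullmatch(r"__MSG_(.+)__", name)
    locale = str(manifest.get("default_locale", "en"))
    # The locale comes from the manifest, so only accept a plain folder name.
    if not match or not re.fullmatch(r"[A-Za-z0-9_]+", locale):
        return name
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    if not isinstance(messages, dict):
        return name
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == match.group(1).lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def audit_extensions(extensions_dir):
    """Return one record per installed extension version, with reasons to review it."""
    records = []
    for ext_dir in sorted(Path(extensions_dir).iterdir()):
        if not (ext_dir.is_dir() and EXT_ID.match(ext_dir.name)):
            continue
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            record = {"id": ext_dir.name, "version": version_dir.name, "name": "?", "flags": []}
            records.append(record)
            manifest = load_json(version_dir / "manifest.json")
            if not isinstance(manifest, dict):
                record["flags"].append("manifest missing or unreadable")
                continue
            record["name"] = display_name(version_dir, manifest)
            overrides = manifest.get("chrome_settings_overrides")
            if isinstance(overrides, dict):
                record["flags"] += [f"overrides {k}" for k in OVERRIDE_KEYS if k in overrides]
            requested = []
            for field in ("permissions", "host_permissions"):
                value = manifest.get(field)
                if isinstance(value, list):
                    requested += [p for p in value if isinstance(p, str)]
            broad = sorted(set(requested) & BROAD)
            if broad:
                record["flags"].append("broad permissions: " + ", ".join(broad))
    return records


def build_sample_profile(root):
    """Write a constructed Extensions folder (fake IDs and names) for the demo."""
    ext_root = Path(root) / "Extensions"
    benign = ext_root / ("a" * 32) / "1.0_0"
    (benign / "_locales" / "en").mkdir(parents=True)
    (benign / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "default_locale": "en", "version": "1.0",
         "permissions": ["storage"]}), encoding="utf-8")
    (benign / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Sample Notes"}}), encoding="utf-8")
    suspect = ext_root / ("b" * 32) / "2.1_0"
    suspect.mkdir(parents=True)
    (suspect / "manifest.json").write_text(json.dumps(
        {"name": "Sample Search Helper", "version": "2.1",
         "permissions": ["tabs", "<all_urls>", "webRequest"],
         "chrome_settings_overrides": {
             "search_provider": {"name": "Example",
                                 "search_url": "http://search.example/?q={searchTerms}"},
             "startup_pages": ["http://search.example/"]}}), encoding="utf-8")
    (ext_root / "Temp").mkdir()  # non-extension folder that must be ignored
    return ext_root


if __name__ == "__main__":
    # Pass the real folder as the first argument, for example
    # %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions; otherwise the sample is used.
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile(tmp)
        for rec in audit_extensions(target):
            status = "; ".join(rec["flags"]) or "nothing flagged"
            print(f'{rec["id"]} {rec["version"]:<12} {rec["name"]}: {status}')
```

A flag is a reason to look at the extension, not a verdict; ad blockers and security add-ons legitimately request site-wide permissions.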

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Hi.

 

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by dou dou (administrator) on DOUDOU-HP on 24-10-2013 22:32:55
Running from C:\Users\dou dou\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(360.cn) C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(360.cn) D:\360\360jishi\360js.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sogou.com Inc.) D:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1233\SGImeGuard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(360.cn) C:\Program Files (x86)\360\360safe\safemon\360tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(360.cn) C:\Program Files (x86)\360\360safe\SoftMgr\SML\SoftMgrLite.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\system32\mspaint.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2012-11-05] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-11-05] (IDT, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [imeGuardCom] - D:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1233\SGImeGuard.exe [347256 2013-10-17] (Sogou.com Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-09-16] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [systray] - C:\Windows\syswow64\systray.exe [8192 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [360Safetray] - C:\Program Files (x86)\360\360safe\safemon\360Tray.exe [884144 2013-09-05] (360.cn)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cn.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F6C63D0E77BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: 迅雷下载支持 - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.6.4500.dll (深圳市迅雷网络技术有限公司)
BHO: EyeOnIE Class - {20E1725C-7237-41A9-954A-04DCCB1FD16C} - C:\Program Files (x86)\Baofeng\StormPlayer\MediaLibraryIcon64.dll (北京暴风科技股份有限公司)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: 迅雷下载支持 - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.6.4500.dll (深圳市迅雷网络技术有限公司)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.50
 
FireFox:
========
FF ProfilePath: C:\Users\dou dou\AppData\Roaming\Mozilla\Firefox\Profiles\h2de69z9.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @360.cn/npnpsosalbum;version=1.0 - D:\360\360jishi\np360album.dll (360.cn)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baofeng.com/npWebStorm - C:\Program Files (x86)\Baofeng\StormPlayer\webplayer\npWebStrom.dll (Beijing Baofeng Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @xunlei.com/npaplayer - C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll (ShenZhen Thunder Networking Technologies, LTD)
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @360.cn/360MMPlugin - C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll No File
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Battlefield Play4Free Updater) - C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\npBP4FUpdater.dll (EA Digital Illusions CE AB)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (360MMPlugin) - C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll (360.cn)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Baofeng StormPlayer 5) - C:\Program Files (x86)\Baofeng\StormPlayer\webplayer\npWebStrom.dll (Beijing Baofeng Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Garena Talk Plugin) - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (XunLei Plugin) - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (APlayer ActiveX hosting plugin) - C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll (ShenZhen Thunder Networking Technologies, LTD)
CHR Plugin: (Unity Player) - C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (npsosalbum Module) - D:\360\360jishi\np360album.dll (360.cn)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Tampermonkey) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0
CHR Extension: (AdBlock) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Thunder Download Extension for Chrome) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Skip video ads on Youtube) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanobjfgoogmilhpmlciifoaflmojigf\0.1.2_0
CHR Extension: (Battlefield Play4Free) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hmbifdmobcbjlhplmlnbjbofnnoolink] - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xl_plugin_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - D:\360\360Safe\safemon\360webshield.crx
 
==================== Services (Whitelisted) =================
 
R2 360js; D:\360\360jishi\360js.exe [239024 2013-07-04] (360.cn)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-16] (Portrait Displays, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5635016 2013-06-25] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-09-14] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-09-14] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-11-18] (Microsoft Corporation)
S3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-07-09] (ShenZhen Xunlei Networking Technologies,LTD)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe [224192 2013-09-23] (360.cn)
 
==================== Drivers (Whitelisted) ====================
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [70336 2013-08-23] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305336 2013-08-30] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40120 2013-07-11] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [227000 2013-10-08] (360.cn)
R2 360LanProtect; C:\Windows\System32\DRIVERS\360LanProtect.sys [39112 2013-07-12] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [62144 2013-05-23] (360.cn)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672 2013-09-12] (360.cn)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-09-18] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-18] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-18] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39608 2013-06-18] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 TMAgent; 
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-24 22:32 - 2013-10-24 22:32 - 01955412 _____ (Farbar) C:\Users\dou dou\Downloads\FRST64.exe
2013-10-24 22:32 - 2013-10-24 22:32 - 00000000 ____D C:\FRST
2013-10-24 21:30 - 2013-10-24 21:30 - 00002243 _____ C:\Users\Public\Desktop\BlackShot Launcher.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00001993 _____ C:\Users\Public\Desktop\BlackShot Garena Plus Launch.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00001065 _____ C:\Users\Public\Desktop\Garena Plus.lnk
2013-10-24 21:08 - 2013-10-24 21:08 - 00000000 ____D C:\GarenaDownload
2013-10-24 20:53 - 2013-10-24 20:53 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner (1).exe
2013-10-24 20:37 - 2013-10-24 20:51 - 1448268920 _____ C:\Users\dou dou\Downloads\BlackShot_GarenaPlus_Install_2_187.exe
2013-10-24 20:36 - 2013-10-24 20:36 - 02751024 _____ C:\Users\dou dou\Downloads\Blackshot_GarenaPlus_Installer.exe
2013-10-24 19:46 - 2013-10-24 19:46 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT (1).exe
2013-10-24 19:45 - 2013-10-24 20:58 - 00003878 _____ C:\Windows\PFRO.log
2013-10-24 19:45 - 2013-10-24 20:58 - 00000112 _____ C:\Windows\setupact.log
2013-10-24 19:45 - 2013-10-24 19:45 - 06753536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-24 19:45 - 2013-10-24 19:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 19:42 - 2013-10-24 20:55 - 00000000 ____D C:\AdwCleaner
2013-10-24 19:18 - 2013-10-24 19:18 - 00013937 _____ C:\Users\dou dou\Desktop\JRT.txt
2013-10-24 19:04 - 2013-10-24 19:04 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner.exe
2013-10-24 19:04 - 2013-10-24 19:04 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT.exe
2013-10-24 19:00 - 2013-10-24 19:00 - 00030149 _____ C:\Users\dou dou\Desktop\dds.txt
2013-10-24 19:00 - 2013-10-24 19:00 - 00011363 _____ C:\Users\dou dou\Desktop\attach.txt
2013-10-24 18:58 - 2013-10-24 18:58 - 00094408 _____ C:\Users\dou dou\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-24 18:55 - 2013-10-24 18:56 - 00000000 __SHD C:\Users\dou dou\AppData\Roaming\360Quarant
2013-10-24 18:55 - 2013-10-24 18:55 - 00000000 __SHD C:\$360Section
2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 ____R (Swearware) C:\Users\dou dou\Downloads\dds.com
2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 _____ (Swearware) C:\Users\dou dou\Downloads\dds (1).com
2013-10-24 18:36 - 2013-10-24 18:36 - 00003136 _____ C:\Windows\System32\Tasks\{16C98054-64E8-47BB-B688-6855F9598B54}
2013-10-24 18:30 - 2013-10-24 18:30 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\dou dou\Downloads\rkill.exe
2013-10-24 18:25 - 2013-10-24 18:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Expert
2013-10-24 18:23 - 2013-10-24 18:23 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 18:23 - 2013-10-24 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 18:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-24 18:21 - 2013-10-24 18:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\dou dou\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-24 18:18 - 2013-10-24 18:18 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Aiyoyo_4549020
2013-10-24 12:58 - 2013-10-24 12:58 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\sfe
2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Garena
2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\ProgramData\Garena
2013-10-21 21:06 - 2013-10-21 21:06 - 39401336 _____ (Apple Inc.) C:\Users\dou dou\Downloads\QuickTimeInstaller.exe
2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731.user.js
2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731 (1).user.js
2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-17 20:33 - 2013-10-17 20:33 - 00085370 _____ C:\Users\dou dou\Downloads\xliveless-0.999b7.rar
2013-10-13 12:41 - 2013-10-13 12:41 - 01111552 _____ C:\Users\dou dou\Downloads\TerrariViewer.exe
2013-10-13 12:28 - 2013-10-13 12:28 - 00000000 ____D C:\ProgramData\RELOADED
2013-10-13 12:26 - 2013-10-10 08:02 - 00000000 ____D C:\Users\dou dou\Desktop\Terrariacrack
2013-10-13 12:24 - 2013-10-13 12:25 - 39882755 _____ C:\Users\dou dou\Downloads\terraria 1.2.0.3.1.rar
2013-10-13 11:55 - 2013-10-13 11:55 - 00018473 _____ C:\Users\dou dou\Downloads\[rutracker.org].t4141528.torrent
2013-10-13 11:54 - 2013-10-13 11:54 - 00012980 _____ C:\Users\dou dou\Downloads\Terraria.1.2.0.3.1.torrent
2013-10-13 11:53 - 2013-10-13 11:53 - 00012980 _____ C:\Users\dou dou\Downloads\[kickass.to]terraria.1.2.0.3.1-title=[kickass.to]terraria.1.2.0.3.1.torrent
2013-10-13 11:53 - 2013-10-13 11:53 - 00012896 _____ C:\Users\dou dou\Downloads\[isoHunt] 4930299.torrent
2013-10-13 00:09 - 2013-10-13 00:09 - 00000406 _____ C:\Users\dou dou\Downloads\proxy.pac
2013-10-12 23:50 - 2013-10-12 23:50 - 00001122 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-10-12 23:49 - 2013-09-18 04:31 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-10-12 23:48 - 2013-10-12 23:48 - 00000000 ____D C:\Users\dou dou\AppData\Local\TNT2
2013-10-12 23:47 - 2013-10-12 23:47 - 00583584 _____ C:\Users\dou dou\Downloads\hotspotshield-setup.exe
2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn
2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-10 22:37 - 2013-10-10 22:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-10 21:39 - 2013-10-10 21:39 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
2013-10-10 21:32 - 2013-10-10 21:32 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG
2013-10-10 21:31 - 2013-10-10 21:48 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-10-10 21:31 - 2013-10-10 21:33 - 00000000 ____D C:\ProgramData\AVG
2013-10-10 21:30 - 2013-10-10 21:31 - 78411688 _____ (AVG) C:\Users\dou dou\Downloads\avg_tuh_stf_all_2014_174_24c28.exe
2013-10-10 21:25 - 2013-10-19 10:03 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-10 21:25 - 2013-10-10 21:25 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\TuneUp Software
2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG2014
2013-10-10 21:24 - 2013-10-12 17:01 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-10 21:24 - 2013-10-10 21:25 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-10 21:24 - 2013-10-10 21:24 - 00000000 ___HD C:\$AVG
2013-10-10 21:20 - 2013-10-24 17:21 - 00000000 ____D C:\ProgramData\MFAData
2013-10-10 21:20 - 2013-10-10 21:37 - 00000000 ____D C:\Users\dou dou\AppData\Local\Avg2014
2013-10-10 21:20 - 2013-10-10 21:20 - 04425448 _____ (AVG Technologies) C:\Users\dou dou\Downloads\avg_free_stb_all_2014_4116_cnet.exe
2013-10-10 21:20 - 2013-10-10 21:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\MFAData
2013-10-10 21:11 - 2013-10-10 21:11 - 00485905 _____ C:\Users\dou dou\Desktop\terraria-server.zip
2013-10-10 17:28 - 2013-09-14 09:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 17:28 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 17:28 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 17:28 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 17:28 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 17:28 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 17:28 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 17:28 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 17:28 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 17:28 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 17:28 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 17:28 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 17:28 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 17:28 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 17:28 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 17:28 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 17:28 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 17:28 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 17:28 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 17:18 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:18 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:39 - 2013-08-28 09:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:34 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:29 - 2013-07-12 18:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:29 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:24 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:19 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:19 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:14 - 2013-07-03 12:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:14 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:14 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:09 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:09 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:09 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:09 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:09 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:09 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:09 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:04 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:04 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:04 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:04 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:04 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:04 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:04 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:04 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:04 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:04 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:04 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:04 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:04 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:04 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:04 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:04 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 16:55 - 2013-09-23 07:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:55 - 2013-09-23 07:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:55 - 2013-09-23 07:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:55 - 2013-09-23 06:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 16:55 - 2013-09-23 06:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 16:55 - 2013-09-23 06:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 16:55 - 2013-09-23 06:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 16:55 - 2013-09-23 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 16:55 - 2013-09-21 11:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 16:55 - 2013-09-21 11:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:55 - 2013-09-21 10:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 16:55 - 2013-09-21 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-08 21:03 - 2013-10-08 21:06 - 23117731 _____ C:\Users\dou dou\Downloads\Brain Music - STUDY FOCUS CONCENTRATE - HELP YOU WORK FAST.m4a
2013-10-07 22:22 - 2013-10-07 22:22 - 00066493 _____ C:\Users\dou dou\Downloads\X-RayMod_v043.zip
2013-10-06 22:00 - 2013-10-06 22:00 - 00648240 _____ (Unity Technologies ApS) C:\Users\dou dou\Downloads\UnityWebPlayer.exe
2013-10-04 17:41 - 2013-10-04 17:41 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\No Company Name
2013-10-04 16:22 - 2013-10-04 16:22 - 00491533 _____ C:\Users\dou dou\Downloads\list4.txt
2013-10-04 16:14 - 2013-10-04 16:14 - 00000000 ____D C:\Windows\SysWOW64\Storm
2013-10-04 16:14 - 2013-09-04 10:51 - 00827728 _____ (Microsoft Corporation) C:\Windows\msvcr100.dll
2013-10-04 16:14 - 2013-09-04 10:51 - 00607568 _____ (Microsoft Corporation) C:\Windows\msvcp100.dll
2013-10-04 16:13 - 2013-10-04 18:16 - 00003298 _____ C:\Windows\System32\Tasks\SogouImeMgr
2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\SysWOW64\nsn64BE.tmp
2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\system32\nsn64BF.tmp
2013-10-01 18:05 - 2013-10-01 18:05 - 02534110 _____ () C:\Users\dou dou\Downloads\liteloader-installer-1.6.4-00.exe
2013-10-01 17:33 - 2013-10-01 17:33 - 00128817 _____ C:\Users\dou dou\Downloads\AutoFishing Mod v1.2.zip
2013-09-30 03:14 - 2013-09-30 22:36 - 00000000 ____D C:\Users\dou dou\Desktop\Sci PT
2013-09-30 01:32 - 2013-09-30 01:32 - 00000004 _____ C:\Users\dou dou\Downloads\Tense_ThemeBattle_Begins.mp4
2013-09-30 00:01 - 2013-09-30 00:01 - 00763789 _____ C:\Users\dou dou\Documents\Untitled.wma
2013-09-29 19:57 - 2013-09-29 20:02 - 27119770 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).mp4
2013-09-29 18:14 - 2013-09-29 18:21 - 49831192 _____ C:\Users\dou dou\Downloads\Effects of a nuclear bomb 2013 HD.mp4
2013-09-29 18:08 - 2013-09-29 18:13 - 39277944 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).flv
2013-09-29 18:07 - 2013-09-29 18:07 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\PDAppFlex
2013-09-29 14:43 - 2013-09-29 14:48 - 60965342 _____ C:\Users\dou dou\Downloads\AFTER EFFECTS OF THE ATOMIC BOMB ON HIROSHIMA AND NAGASAKI.mp4
2013-09-28 15:10 - 2013-09-28 15:10 - 00000000 ____D C:\Users\dou dou\Documents\NewBlueFX
2013-09-28 15:09 - 2013-09-28 15:09 - 00000000 ____D C:\Users\dou dou\Documents\Adobe
2013-09-28 14:54 - 2013-09-28 14:56 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\MOVAVI
2013-09-28 14:37 - 2013-09-28 14:43 - 102149720 _____ (Movavi) C:\Users\dou dou\Downloads\MovaviVideoSuiteSetup.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
 
==================== One Month Modified Files and Folders =======
 
2013-10-24 22:32 - 2013-10-24 22:32 - 01955412 _____ (Farbar) C:\Users\dou dou\Downloads\FRST64.exe
2013-10-24 22:32 - 2013-10-24 22:32 - 00000000 ____D C:\FRST
2013-10-24 22:32 - 2012-03-25 14:54 - 01393628 _____ C:\Windows\WindowsUpdate.log
2013-10-24 21:35 - 2012-09-04 21:47 - 00002338 _____ C:\Users\dou dou\Desktop\Google Chrome.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00002243 _____ C:\Users\Public\Desktop\BlackShot Launcher.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00001993 _____ C:\Users\Public\Desktop\BlackShot Garena Plus Launch.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00001065 _____ C:\Users\Public\Desktop\Garena Plus.lnk
2013-10-24 21:29 - 2013-07-09 22:50 - 00002171 _____ C:\Users\dou dou\Desktop\360软件管家.lnk
2013-10-24 21:08 - 2013-10-24 21:08 - 00000000 ____D C:\GarenaDownload
2013-10-24 21:08 - 2013-07-06 14:50 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_dou dou
2013-10-24 21:08 - 2012-04-23 21:55 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\GarenaPlus
2013-10-24 21:08 - 2012-04-23 21:52 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-10-24 21:06 - 2009-07-14 12:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 21:06 - 2009-07-14 12:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 21:04 - 2009-07-14 13:13 - 00803968 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-24 20:59 - 2012-10-13 21:56 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn Hamachi
2013-10-24 20:58 - 2013-10-24 19:45 - 00003878 _____ C:\Windows\PFRO.log
2013-10-24 20:58 - 2013-10-24 19:45 - 00000112 _____ C:\Windows\setupact.log
2013-10-24 20:58 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 20:55 - 2013-10-24 19:42 - 00000000 ____D C:\AdwCleaner
2013-10-24 20:53 - 2013-10-24 20:53 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner (1).exe
2013-10-24 20:51 - 2013-10-24 20:37 - 1448268920 _____ C:\Users\dou dou\Downloads\BlackShot_GarenaPlus_Install_2_187.exe
2013-10-24 20:36 - 2013-10-24 20:36 - 02751024 _____ C:\Users\dou dou\Downloads\Blackshot_GarenaPlus_Installer.exe
2013-10-24 20:35 - 2013-07-09 22:50 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360Safe
2013-10-24 20:31 - 2012-03-31 10:05 - 00000000 ____D C:\Users\dou dou\AppData\Local\CrashDumps
2013-10-24 20:05 - 2012-07-24 21:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-24 19:46 - 2013-10-24 19:46 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT (1).exe
2013-10-24 19:45 - 2013-10-24 19:45 - 06753536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-24 19:45 - 2013-10-24 19:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 19:18 - 2013-10-24 19:18 - 00013937 _____ C:\Users\dou dou\Desktop\JRT.txt
2013-10-24 19:04 - 2013-10-24 19:04 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner.exe
2013-10-24 19:04 - 2013-10-24 19:04 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT.exe
2013-10-24 19:04 - 2013-07-09 22:35 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 19:00 - 2013-10-24 19:00 - 00030149 _____ C:\Users\dou dou\Desktop\dds.txt
2013-10-24 19:00 - 2013-10-24 19:00 - 00011363 _____ C:\Users\dou dou\Desktop\attach.txt
2013-10-24 18:58 - 2013-10-24 18:58 - 00094408 _____ C:\Users\dou dou\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-24 18:56 - 2013-10-24 18:55 - 00000000 __SHD C:\Users\dou dou\AppData\Roaming\360Quarant
2013-10-24 18:55 - 2013-10-24 18:55 - 00000000 __SHD C:\$360Section
2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 ____R (Swearware) C:\Users\dou dou\Downloads\dds.com
2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 _____ (Swearware) C:\Users\dou dou\Downloads\dds (1).com
2013-10-24 18:36 - 2013-10-24 18:36 - 00003136 _____ C:\Windows\System32\Tasks\{16C98054-64E8-47BB-B688-6855F9598B54}
2013-10-24 18:30 - 2013-10-24 18:30 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\dou dou\Downloads\rkill.exe
2013-10-24 18:26 - 2012-07-04 21:04 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Notepad++
2013-10-24 18:26 - 2012-03-25 20:39 - 00000000 __RHD C:\MSOCache
2013-10-24 18:26 - 2011-02-12 01:00 - 00000000 ____D C:\Windows\Panther
2013-10-24 18:25 - 2013-10-24 18:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Expert
2013-10-24 18:23 - 2013-10-24 18:23 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 18:23 - 2013-10-24 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 18:21 - 2013-10-24 18:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\dou dou\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-24 18:18 - 2013-10-24 18:18 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Aiyoyo_4549020
2013-10-24 17:21 - 2013-10-10 21:20 - 00000000 ____D C:\ProgramData\MFAData
2013-10-24 16:18 - 2013-07-02 23:11 - 00000000 ____D C:\Users\dou dou\minecraft
2013-10-24 12:58 - 2013-10-24 12:58 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\sfe
2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Garena
2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\ProgramData\Garena
2013-10-22 09:53 - 2012-10-30 21:18 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleFordou dou.job
2013-10-21 21:06 - 2013-10-21 21:06 - 39401336 _____ (Apple Inc.) C:\Users\dou dou\Downloads\QuickTimeInstaller.exe
2013-10-21 16:12 - 2012-10-30 21:18 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleFordou dou
2013-10-21 16:12 - 2012-04-16 21:03 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-21 16:12 - 2012-03-26 21:05 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-21 16:11 - 2012-03-26 21:02 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\HP Support Assistant
2013-10-21 16:11 - 2012-03-26 20:54 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\HpUpdate
2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731.user.js
2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731 (1).user.js
2013-10-20 16:25 - 2012-10-15 11:14 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Skype
2013-10-20 16:08 - 2013-05-31 21:05 - 00035350 _____ C:\Users\dou dou\Documents\keyfile_u
2013-10-20 16:08 - 2013-05-31 21:05 - 00000016 _____ C:\Users\dou dou\Documents\keyfile
2013-10-19 15:34 - 2012-04-23 21:53 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 10:03 - 2013-10-10 21:25 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-17 20:33 - 2013-10-17 20:33 - 00085370 _____ C:\Users\dou dou\Downloads\xliveless-0.999b7.rar
2013-10-17 17:55 - 2012-03-25 16:06 - 00000000 ____D C:\Windows\Tasks\360Disabled
2013-10-17 15:18 - 2012-05-24 16:34 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-17 15:18 - 2012-05-24 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-17 15:18 - 2011-11-18 15:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-13 12:41 - 2013-10-13 12:41 - 01111552 _____ C:\Users\dou dou\Downloads\TerrariViewer.exe
2013-10-13 12:28 - 2013-10-13 12:28 - 00000000 ____D C:\ProgramData\RELOADED
2013-10-13 12:25 - 2013-10-13 12:24 - 39882755 _____ C:\Users\dou dou\Downloads\terraria 1.2.0.3.1.rar
2013-10-13 11:55 - 2013-10-13 11:55 - 00018473 _____ C:\Users\dou dou\Downloads\[rutracker.org].t4141528.torrent
2013-10-13 11:54 - 2013-10-13 11:54 - 00012980 _____ C:\Users\dou dou\Downloads\Terraria.1.2.0.3.1.torrent
2013-10-13 11:53 - 2013-10-13 11:53 - 00012980 _____ C:\Users\dou dou\Downloads\[kickass.to]terraria.1.2.0.3.1-title=[kickass.to]terraria.1.2.0.3.1.torrent
2013-10-13 11:53 - 2013-10-13 11:53 - 00012896 _____ C:\Users\dou dou\Downloads\[isoHunt] 4930299.torrent
2013-10-13 00:09 - 2013-10-13 00:09 - 00000406 _____ C:\Users\dou dou\Downloads\proxy.pac
2013-10-12 23:50 - 2013-10-12 23:50 - 00001122 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-10-12 23:48 - 2013-10-12 23:48 - 00000000 ____D C:\Users\dou dou\AppData\Local\TNT2
2013-10-12 23:48 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources
2013-10-12 23:47 - 2013-10-12 23:47 - 00583584 _____ C:\Users\dou dou\Downloads\hotspotshield-setup.exe
2013-10-12 17:52 - 2013-07-09 22:50 - 00000000 _RSHD C:\360SANDBOX
2013-10-12 17:01 - 2013-10-10 21:24 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-12 11:50 - 2009-07-14 13:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-11 19:08 - 2013-09-21 14:38 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn
2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-10 22:37 - 2013-10-10 22:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-10 22:36 - 2013-03-13 22:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 22:36 - 2013-03-13 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 21:48 - 2013-10-10 21:31 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-10-10 21:48 - 2012-10-30 21:13 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\hpqLog
2013-10-10 21:48 - 2012-10-30 21:12 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-10-10 21:48 - 2012-08-22 21:40 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-10-10 21:48 - 2012-04-01 17:26 - 00000000 ____D C:\Users\dou dou\AppData\Local\Microsoft Help
2013-10-10 21:48 - 2011-11-18 15:44 - 00000000 __HDC C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
2013-10-10 21:39 - 2013-10-10 21:39 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
2013-10-10 21:39 - 2013-05-11 23:23 - 00000000 ____D C:\Games
2013-10-10 21:37 - 2013-10-10 21:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\Avg2014
2013-10-10 21:34 - 2013-09-21 14:38 - 00000000 ____D C:\Program Files (x86)\LIMBO
2013-10-10 21:34 - 2013-06-10 22:15 - 00000000 ____D C:\Program Files (x86)\Sketchpad5
2013-10-10 21:33 - 2013-10-10 21:31 - 00000000 ____D C:\ProgramData\AVG
2013-10-10 21:32 - 2013-10-10 21:32 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG
2013-10-10 21:31 - 2013-10-10 21:30 - 78411688 _____ (AVG) C:\Users\dou dou\Downloads\avg_tuh_stf_all_2014_174_24c28.exe
2013-10-10 21:25 - 2013-10-10 21:25 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\TuneUp Software
2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG2014
2013-10-10 21:25 - 2013-10-10 21:24 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-10 21:24 - 2013-10-10 21:24 - 00000000 ___HD C:\$AVG
2013-10-10 21:20 - 2013-10-10 21:20 - 04425448 _____ (AVG Technologies) C:\Users\dou dou\Downloads\avg_free_stb_all_2014_4116_cnet.exe
2013-10-10 21:20 - 2013-10-10 21:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\MFAData
2013-10-10 21:11 - 2013-10-10 21:11 - 00485905 _____ C:\Users\dou dou\Desktop\terraria-server.zip
2013-10-10 08:02 - 2013-10-13 12:26 - 00000000 ____D C:\Users\dou dou\Desktop\Terrariacrack
2013-10-09 22:02 - 2013-07-13 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 22:00 - 2012-03-29 23:16 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 17:01 - 2011-02-12 01:15 - 00789436 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-08 21:50 - 2012-03-29 19:35 - 00000000 ____D C:\Users\dou dou\AppData\Local\Apple Computer
2013-10-08 21:06 - 2013-10-08 21:03 - 23117731 _____ C:\Users\dou dou\Downloads\Brain Music - STUDY FOCUS CONCENTRATE - HELP YOU WORK FAST.m4a
2013-10-08 18:42 - 2013-07-09 22:50 - 00227000 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2013-10-08 16:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-07 22:22 - 2013-10-07 22:22 - 00066493 _____ C:\Users\dou dou\Downloads\X-RayMod_v043.zip
2013-10-06 22:00 - 2013-10-06 22:00 - 00648240 _____ (Unity Technologies ApS) C:\Users\dou dou\Downloads\UnityWebPlayer.exe
2013-10-06 22:00 - 2012-09-04 22:27 - 00000000 ____D C:\Users\dou dou\AppData\Local\Unity
2013-10-04 20:56 - 2012-03-25 16:03 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Adobe
2013-10-04 18:16 - 2013-10-04 16:13 - 00003298 _____ C:\Windows\System32\Tasks\SogouImeMgr
2013-10-04 17:42 - 2011-11-18 15:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-04 17:41 - 2013-10-04 17:41 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\No Company Name
2013-10-04 17:40 - 2012-09-02 13:03 - 00000000 ____D C:\Program Files\Adobe
2013-10-04 16:22 - 2013-10-04 16:22 - 00491533 _____ C:\Users\dou dou\Downloads\list4.txt
2013-10-04 16:17 - 2012-05-20 10:52 - 00000000 ____D C:\Program Files (x86)\Baofeng
2013-10-04 16:14 - 2013-10-04 16:14 - 00000000 ____D C:\Windows\SysWOW64\Storm
2013-10-04 16:14 - 2013-08-11 12:54 - 00002152 _____ C:\Users\Public\Desktop\暴风影视库.lnk
2013-10-04 16:14 - 2013-05-30 18:51 - 00000000 ____D C:\Users\dou dou\Documents\暴风影视库
2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\SysWOW64\nsn64BE.tmp
2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\system32\nsn64BF.tmp
2013-10-04 16:13 - 2013-07-10 21:05 - 00000000 ____D C:\Thunder
2013-10-04 16:13 - 2013-05-31 21:05 - 00000000 ___RD C:\Program Files (x86)\skype
2013-10-04 16:12 - 2013-01-01 11:12 - 00000204 _____ C:\22.log
2013-10-04 16:12 - 2011-11-18 15:44 - 00000000 ____D C:\ProgramData\Skype
2013-10-03 20:41 - 2013-07-08 22:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 20:41 - 2012-08-19 13:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\Mozilla
2013-10-01 18:05 - 2013-10-01 18:05 - 02534110 _____ () C:\Users\dou dou\Downloads\liteloader-installer-1.6.4-00.exe
2013-10-01 17:33 - 2013-10-01 17:33 - 00128817 _____ C:\Users\dou dou\Downloads\AutoFishing Mod v1.2.zip
2013-09-30 22:36 - 2013-09-30 03:14 - 00000000 ____D C:\Users\dou dou\Desktop\Sci PT
2013-09-30 19:26 - 2012-04-13 19:31 - 00000000 ____D C:\Users\dou dou\AppData\Local\Windows Live
2013-09-30 01:32 - 2013-09-30 01:32 - 00000004 _____ C:\Users\dou dou\Downloads\Tense_ThemeBattle_Begins.mp4
2013-09-30 00:01 - 2013-09-30 00:01 - 00763789 _____ C:\Users\dou dou\Documents\Untitled.wma
2013-09-29 20:02 - 2013-09-29 19:57 - 27119770 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).mp4
2013-09-29 19:54 - 2012-06-02 21:05 - 00000915 _____ C:\Users\dou dou\AppData\Roaming\coreavc.ini
2013-09-29 18:21 - 2013-09-29 18:14 - 49831192 _____ C:\Users\dou dou\Downloads\Effects of a nuclear bomb 2013 HD.mp4
2013-09-29 18:13 - 2013-09-29 18:08 - 39277944 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).flv
2013-09-29 18:07 - 2013-09-29 18:07 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\PDAppFlex
2013-09-29 18:07 - 2012-06-27 18:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-29 14:48 - 2013-09-29 14:43 - 60965342 _____ C:\Users\dou dou\Downloads\AFTER EFFECTS OF THE ATOMIC BOMB ON HIROSHIMA AND NAGASAKI.mp4
2013-09-28 15:10 - 2013-09-28 15:10 - 00000000 ____D C:\Users\dou dou\Documents\NewBlueFX
2013-09-28 15:10 - 2012-05-12 13:18 - 00000000 ____D C:\ProgramData\Adobe
2013-09-28 15:09 - 2013-09-28 15:09 - 00000000 ____D C:\Users\dou dou\Documents\Adobe
2013-09-28 14:56 - 2013-09-28 14:54 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\MOVAVI
2013-09-28 14:56 - 2013-08-14 18:45 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\DivX
2013-09-28 14:55 - 2012-06-27 18:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-28 14:43 - 2013-09-28 14:37 - 102149720 _____ (Movavi) C:\Users\dou dou\Downloads\MovaviVideoSuiteSetup.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
 
Some content of TEMP:
====================
C:\Users\dou dou\AppData\Local\Temp\Quarantine.exe
C:\Users\dou dou\AppData\Local\Temp\update_2_188.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-21 16:41
 
==================== End Of Log ============================

Here is addition.txt

Thanks again!

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013
Ran by dou dou at 2013-10-24 22:34:01
Running from C:\Users\dou dou\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: 360安全卫士 (Enabled - Up to date) {D41B8AC6-0533-735E-95C9-EA6832918CB1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
«Prison Architect» - Alpha 12 (x32)
360安全卫士 (x32 Version: 9.2.0.2001)
360电脑专家 8.3.6.0 (x32 Version: 8.3.6.0)
³õÈý»¯Ñ§ÉÏ(A) (x32)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe CS6 Design and Web Premium (x32 Version: 6)
Adobe Download Assistant (x32 Version: 1.2.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.03) - Chinese Simplified (x32 Version: 11.0.03)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Apple 应用程序支持 (x32 Version: 2.3.6)
AVerMedia MiniCard Hybrid TV Tuner 1.1.64.56 (x32 Version: 1.1.64.56)
AVG 2014 (Version: 14.0.3614)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Battlefield Play4Free (x32)
Blacklight Retribution (x32)
Bluetooth by hp (Version: 6.3.0.8200)
Bonjour (Version: 3.0.0.10)
Borderlands 2 (x32)
CamStudio OSS Desktop Recorder (x32 Version: 2.6 Beta r294)
CyberLink YouCam (x32 Version: 3.5.0.4417)
D3DX10 (x32 Version: 15.4.2368.0902)
Deep Fritz 12 DL (x32 Version: 12 DL)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DivX Setup (x32 Version: 2.6.1.44)
Dota 2 (x32)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412)
Fritz 12 (x32 Version: 12.0.0)
Garena - BlackShot (x32 Version: 2.187)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Talk Plugin (x32 Version: 3.19.1.13088)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hotspot Shield 3.17 (x32 Version: 3.17)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (x32 Version: 5.1.4245.23508)
HP Client Services (Version: 1.1.12938.3539)
HP Clock (x32 Version: 5.1.4244.16367)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (x32 Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)
HP LinkUp (x32 Version: 2.01.029)
HP Magic Canvas (x32 Version: 5.1.15.0)
HP Music (x32 Version: 4.2.5707)
HP My Display TouchSmart Edition (x32 Version: 1.07.003)
HP Notes (x32 Version: 5.1.4274.30382)
HP Odometer (x32 Version: 2.10.0000)
HP Photo (x32 Version: 4.2.5605)
HP Photo Canvas (x32 Version: 5.1.4267.27011)
HP Photo Creations (x32 Version: 1.0.0.3781)
HP Remote Solution (x32 Version: 1.1.14.0)
HP RSS (x32 Version: 5.1.4301.21494)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Support Information (x32 Version: 11.00.0001)
HP Touch Browser (x32 Version: 5.1.4227.17815)
HP TouchSmart Twitter (x32 Version: 3.0.4276.30236)
HP Update (x32 Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
IDT Audio (x32 Version: 1.0.6370.0)
iFunbox (v2.6.2375.747), iFunbox DevTeam (x32 Version: v2.6.2375.747)
Intel® Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
iShowen (x32 Version: 1.22.0000)
iTunes (Version: 10.6.1.7)
iTunes (Version: 11.1.0.126)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KeePass Password Safe 2.23 (x32)
LogMeIn Hamachi (x32 Version: 2.2.0.58)
Macromedia Extension Manager (x32 Version: 1.7.277)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office 校对工具 2013 - 简体中文 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
Mumble 1.2.4 (x32 Version: 1.2.4)
No-IP DUC (x32 Version: 3.0.4)
Notepad++ (x32 Version: 6.5)
NVIDIA Control Panel 296.19 (Version: 296.19)
NVIDIA Graphics Driver 296.19 (Version: 296.19)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
opensource (x32 Version: 1.0.14960.3876)
PDF Settings CS6 (x32 Version: 11.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (x32 Version: 6.1.5705)
PunkBuster Services (x32 Version: 0.990)
Python 2.7.5 (x32 Version: 2.7.5150)
QuickTime (x32 Version: 7.74.80.86)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.82)
Recovery Manager (x32 Version: 5.5.0.4424)
SDK (x32 Version: 2.28.007)
Simple Port Forwarding (x32 Version: 3.2.9)
Skype 6.6 (x32 Version: 6.6.14)
Soldier Front 2 (x32)
Star Conflict (x32)
Steam (x32 Version: 1.0.0.0)
Team Fortress 2 (x32)
Terraria v1.2.0.2 cracked-KEBAB (x32 Version: 1.2.0.2)
The Stanley Parable Demo (x32)
TSHostedAppLauncher (x32 Version: 5.1.15.0)
Tunngle beta (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Video (x32 Version: 4.2.5622)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
Windows Live 软件包 (x32 Version: 15.4.3555.0308)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
WinRAR 5.00 beta 5 (64 位) (Version: 5.00.5)
Zinio Reader 4 (x32 Version: 4.2.4164)
暴风影音5 (x32 Version: 5.29.0926.1111)
国际象棋弗里茨 12 (x32)
几何画板 5.0最强中文版 (x32 Version: 5.0.0.0)
搜狗拼音输入法 6.7正式版 (x32 Version: 6.7.0.0499)
侠盗猎车4 (x32)
迅雷7 (x32)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2)
自动优化工具 1.0.0.53 (x32 Version: 1.0.0.53)
 
==================== Restore Points  =========================
 
12-10-2013 09:00:15 Removed AVG PC TuneUp 2014
12-10-2013 09:01:30 Removed AVG PC TuneUp 2014 (en-US)
12-10-2013 15:49:21 Device Driver Package Install: Anchorfree Inc Network Service
12-10-2013 15:50:30 Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2013-07-05 23:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0259328C-15F5-4C7C-A9E2-03BECC0FEBE5} - System32\Tasks\{CC07E125-D445-460B-B2C2-CD374239C15E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-08-01] (Skype Technologies S.A.)
Task: {0794F27C-30E3-4A5F-84F7-77F8DA7EB220} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {15A6A689-63CE-4DD9-9F99-3FF8385596E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000Core1cdf098e1994741 => C:\Users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {26375F09-8A89-437A-BB50-8C1BA258A981} - \360SuperKiller\360SuperKiller No Task File
Task: {2FC701C5-EEF1-4928-9037-9189904115F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000UA => C:\Users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {341E369F-FA3B-4F77-9A6F-1F816DB938B2} - \KwRunAsStdUser Task10371 No Task File
Task: {366A8C39-EE6D-401E-AEB5-2E2B99DC5AF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4C3A0BDB-6408-45A7-9409-CDB6A407A003} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000UA1cdf098e2774e71 => C:\Users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {567AF0EA-B08F-4B6B-A796-F4C2F4A44B18} - System32\Tasks\gg_uac_daemon_dou dou => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {57BFBFCD-17A3-4F41-9E26-603D5A56730D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6BB8EF39-46BA-433C-A2D7-E62CD5B1C8F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {7823EF97-705F-440E-A7CF-8E5C71725E23} - \KwRunAsStdUser Task2732 No Task File
Task: {8C337C11-C076-4EE9-8EE2-C26B5FF17FD5} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-29] ()
Task: {90B5D0FE-9ECC-4CAF-A186-11D64BDB50AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {AAE15F66-C005-4BEB-83AC-D92D62E60660} - System32\Tasks\HPCeeScheduleFordou dou => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C1457059-84A6-4B2E-B14A-CE26B08DEB6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2013-09-17] (Hewlett-Packard)
Task: {C85F8972-67FF-463F-8CBF-8EC36244B09F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17] (Adobe Systems Incorporated)
Task: {E029FA60-1F64-4B4C-9681-6DCB0E34F066} - System32\Tasks\SogouImeMgr => D:\Program Files\SogouInput\SogouExe\SogouExe.exe [2013-09-12] (Sogou.com Inc.)
Task: {E44DDB39-2FAC-4C5A-8B3E-17CA79D1D1CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {EC1D8B5E-5D4A-45D0-B015-5A618DFDF986} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F0353363-C6F7-4F52-9DC3-5E75A95F04BE} - \WpsUpdateTask_dou dou No Task File
Task: {F090A98F-CA30-4A9C-8039-011315BB2582} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000Core => C:\Users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {F36FBC19-14AD-4931-AC37-C92E719FDA8A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {FAFAA26E-4B25-4E1A-81D2-28E96CD497F4} - \Apple\AppleSoftwareUpdate No Task File
Task: C:\Windows\Tasks\HPCeeScheduleFordou dou.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-18 15:51 - 2011-02-16 03:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2013-05-09 12:38 - 2013-08-23 17:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2013-05-09 12:38 - 2013-10-18 18:26 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00184624 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2013-05-09 12:38 - 2013-05-09 12:38 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2013-05-09 12:38 - 2013-07-26 14:18 - 00957232 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00055088 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2013-05-09 12:38 - 2013-10-10 19:15 - 00868656 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00065840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00016688 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2013-05-09 12:38 - 2013-07-15 22:29 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2013-05-09 12:38 - 2013-09-20 19:12 - 00956208 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00245040 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00026416 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00516912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00068400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00147248 _____ () C:\Program Files (x86)\Garena Plus\xIM.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00590128 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_msn.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00460592 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
2013-05-09 12:38 - 2013-05-09 12:38 - 00194864 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
2013-05-09 12:38 - 2013-06-19 11:39 - 00098608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2013-05-09 12:38 - 2013-08-06 19:01 - 00236848 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2013-05-09 12:38 - 2013-09-20 19:11 - 00397104 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2013-05-09 12:38 - 2013-08-06 19:01 - 00287024 _____ () C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll
2013-05-09 12:38 - 2013-06-19 11:39 - 00133936 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ClanBoxPlugin.dll
2013-10-19 15:33 - 2013-09-05 17:12 - 00215856 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2011-10-18 09:54 - 2011-10-18 09:54 - 00097792 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
2011-10-18 09:54 - 2011-10-18 09:54 - 00056832 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
2013-01-24 16:15 - 2013-06-28 16:29 - 00033072 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
2013-02-21 14:46 - 2013-10-10 18:31 - 00382256 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
2013-06-30 10:18 - 2013-10-18 17:38 - 00799024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
2013-05-02 19:34 - 2013-10-18 17:38 - 00022832 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
2010-10-11 13:56 - 2010-10-11 13:56 - 00441705 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
2013-04-30 18:56 - 2013-10-18 17:38 - 02271024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
2013-04-30 18:55 - 2013-09-05 17:01 - 00108848 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2011-11-21 13:18 - 2011-11-21 13:18 - 00023552 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00418304 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
2013-02-21 14:46 - 2013-08-06 18:27 - 00077104 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
2013-02-21 14:46 - 2013-06-28 16:29 - 00053040 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
2013-03-12 11:20 - 2013-06-28 16:29 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
2013-02-21 14:47 - 2013-09-05 17:01 - 00046896 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
2013-02-21 14:47 - 2013-09-05 17:01 - 00066864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
2012-12-21 00:55 - 2013-06-28 16:29 - 00041776 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
2013-01-17 19:35 - 2013-06-28 16:29 - 00055600 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
2012-12-26 15:13 - 2013-08-23 16:24 - 00089904 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
2013-01-17 19:35 - 2013-07-10 19:17 - 00134960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2011-10-18 09:54 - 2011-10-18 09:54 - 00024064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
2011-10-18 09:54 - 2011-10-18 09:54 - 00231936 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
2013-02-21 14:47 - 2013-06-28 16:29 - 00056112 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
2012-03-21 17:38 - 2012-03-21 17:38 - 00092672 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
2013-04-26 19:34 - 2013-06-28 16:29 - 00127792 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
2013-03-12 15:14 - 2013-05-15 15:02 - 00137520 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
2013-04-26 19:33 - 2013-09-05 17:01 - 00110384 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
2013-05-02 16:49 - 2013-10-18 17:38 - 00849200 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
2013-02-21 14:46 - 2013-08-06 18:27 - 00055600 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll
2013-10-24 21:35 - 2013-10-09 08:01 - 00698832 _____ () C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-24 21:35 - 2013-10-09 08:01 - 00099792 _____ () C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-24 21:35 - 2013-10-09 08:02 - 04055504 _____ () C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-24 21:35 - 2013-10-09 08:02 - 00415184 _____ () C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-24 21:35 - 2013-10-09 08:01 - 01604560 _____ () C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-24 21:35 - 2013-10-09 08:02 - 13584336 _____ () C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2013-10-15 11:11 - 2013-10-15 11:11 - 02248704 _____ () C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\multiplay_sg.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VAGP ATX Chipset => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VAGP ATX Chipset => ""="Driver Group"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2013 09:49:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7550
 
Error: (10/24/2013 09:49:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7550
 
Error: (10/24/2013 09:49:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2013 09:49:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6552
 
Error: (10/24/2013 09:49:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6552
 
Error: (10/24/2013 09:49:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2013 09:49:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5553
 
Error: (10/24/2013 09:49:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5553
 
Error: (10/24/2013 09:49:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2013 09:49:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4555
 
 
System errors:
=============
Error: (10/24/2013 10:31:51 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 25.189.153.13.
The computer with the IP address 25.79.12.131 did not allow the name to be claimed by
this computer.
 
Error: (10/24/2013 08:57:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/24/2013 09:49:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7550
 
Error: (10/24/2013 09:49:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7550
 
Error: (10/24/2013 09:49:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2013 09:49:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6552
 
Error: (10/24/2013 09:49:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6552
 
Error: (10/24/2013 09:49:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2013 09:49:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5553
 
Error: (10/24/2013 09:49:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5553
 
Error: (10/24/2013 09:49:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2013 09:49:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4555
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-05 23:02:54.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 23:02:54.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 23:02:54.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 23:02:54.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 19:37:42.660
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 19:37:42.613
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 19:37:42.582
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-05 19:37:42.535
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-07 21:12:16.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-07 21:12:16.926
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 8172.31 MB
Available physical RAM: 5669.69 MB
Total Pagefile: 16342.8 MB
Available Pagefile: 12573.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:912.05 GB) (Free:668.4 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:19.37 GB) (Free:1.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

No search engine is found beside the google.com engine.

I don't understand, set the search engine to what you want

What search engine do you have Chrome set to and use?


Did you disable all your extensions and see if you're still redirected?

Are you being redirected from your search engine or you can't remove Delta search from Chrome?


Right-click your browser’s shortcut. Choose Properties. Go to Shortcut tab and navigate to Target line. There should be only your browser’s directory in the Target line:
Google Chrome – C:\Program Files\Google\Chrome\Application\chrome.exe

MrC
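
The shortcut check described above, run across every browser shortcut at once, as an added example that is not part of the original posts. The folder list, the browser list and Windows PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not from the thread): review browser shortcuts for altered Target lines.
# Folder list and browser list are assumptions; adjust for the machine being checked.
$folders = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # includes pinned taskbar items
) | Where-Object { Test-Path -LiteralPath $_ }

$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe'
$shell    = New-Object -ComObject WScript.Shell

$report = Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if (-not $lnk.TargetPath) { return }             # shortcut has no file target
        $exe = [IO.Path]::GetFileName($lnk.TargetPath)
        if ($browsers -notcontains $exe) { return }      # not a browser shortcut
        [pscustomobject]@{
            Shortcut     = $_.FullName
            Target       = $lnk.TargetPath
            Arguments    = $lnk.Arguments                # text after the .exe path in the Target line
            TargetExists = Test-Path -LiteralPath $lnk.TargetPath
            NeedsReview  = [bool]$lnk.Arguments          # true when anything follows the .exe path
        }
    }

# Shortcuts with extra text after the executable path are listed first.
$report | Sort-Object NeedsReview -Descending | Format-List
```

A non-empty Arguments value is something to read, not something to delete automatically: a shortcut can carry a legitimate switch, so compare it with what you expect before editing the Target line.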


The shortcut target line is where I have installed the chrome application.

The problem now is that after I have disabled all the extensions, and the plugins, I still cannot use my default search engine, which I have set to Google. Whenever I search anything in the omnibox, it would make use of the Delta Search engine, which is not found in the list of plugins or extensions or search engines that Chrome provided me with. In other words, this Delta Search has hijacked my chrome, and refused to allow me to remove it. I suspect that another software present in my computer might have downloaded this malicious software into my computer.

This topic is now closed to further replies.