
[ RESOLVED ] Thunder Malware was found and deleted but recurring


Hello. I need help.

I used a Chinese video player program by Thunder for a few years. Recently I've uninstalled the program and removed all of Thunder's registry entries that I can find using regedit.exe.

However, every day Malwarebytes would find the same malware. Though I deleted them and the folder, they keep coming back.

What should I do?

m1.PNG


Hello mikacg and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

On 5/5/2017 at 5:27 PM, kevinf80 said:
Hello mikacg and welcome to Malwarebytes,

Let me see those logs...

Thank you,

Kevin..

Thank you for your guidance.

Am I doing this right?

Here is log FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by user (administrator) on MIKA (07-05-2017 09:32:49)
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: UpdatusUser & user & Visitor & Guest & DefaultAppPool (Available Profiles: UpdatusUser & user & Visitor & Guest & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\U Mobile Broadband Manager\UIMain.exe
() C:\Program Files (x86)\U Mobile Broadband Manager\CMUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3736845548-991568284-36536616-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-03-28] (Tonec Inc.)
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {5601a43f-1f57-11e2-b6fd-dc85de2427e2} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {702eeba9-1cdf-11e2-a21d-dc85de2427e2} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {702eebc2-1cdf-11e2-a21d-dc85de2427e2} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {82b34f21-6066-11e2-829f-dc85de2427e2} - F:\Install.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {b5b0805b-6108-11e2-acba-3085a9196836} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {b7054865-5f93-11e2-8a6e-3085a9196836} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\MountPoints2: {f514995a-6042-11e2-b495-dc85de2427e2} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-03-28] (Tonec Inc.)
HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\Run: [XMP] => "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101
HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\MountPoints2: {702eeba9-1cdf-11e2-a21d-dc85de2427e2} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\MountPoints2: {b5b0805b-6108-11e2-acba-3085a9196836} - F:\AutoRun.exe
HKU\S-1-5-21-3736845548-991568284-36536616-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-04-24] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll [2014-11-18] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Touro Cloud Backup\ShellExtensionx64\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Touro Cloud Backup\ShellExtensionx64\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Touro Cloud Backup\ShellExtensionx64\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\Pusher\reghelper\xappex.1.1.1.92.(82).dll [2016-11-07] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [   Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\user\AppData\Roaming\ytmediacenter\report.dll [2015-09-09] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\user\AppData\Roaming\ytmediacenter\coreplay.dll [2015-09-23] (Youku.com)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers-x32: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers-x32: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers-x32: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension.dll -> No File
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(998).dll -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files (x86)\FlyVPN\FlyVPNBind-x86.dll [209736 2015-05-23] (www.flyvpn.com)
Winsock: Catalog9 02 C:\Program Files (x86)\FlyVPN\FlyVPNBind-x86.dll [209736 2015-05-23] (www.flyvpn.com)
Winsock: Catalog9 03 C:\Program Files (x86)\FlyVPN\FlyVPNBind-x86.dll [209736 2015-05-23] (www.flyvpn.com)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\FlyVPN\FlyVPNBind-x64.dll [180552 2015-05-23] (www.flyvpn.com)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\FlyVPN\FlyVPNBind-x64.dll [180552 2015-05-23] (www.flyvpn.com)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\FlyVPN\FlyVPNBind-x64.dll [180552 2015-05-23] (www.flyvpn.com)
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\..\Interfaces\{47A770FB-2303-4D2B-A1A1-A7242176FB93}: [NameServer] 123.136.100.2 8.8.8.8
Tcpip\..\Interfaces\{78CE4B72-09AE-4577-98DA-0432A4F27124}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{9852843A-41F9-4777-B0EA-0FD18C7CE01E}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{DBA2D611-F0A4-4255-8DA6-8FB7F1C54503}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3736845548-991568284-36536616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-3736845548-991568284-36536616-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
HKU\S-1-5-21-3736845548-991568284-36536616-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
URLSearchHook: [S-1-5-21-3736845548-991568284-36536616-501] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3736845548-991568284-36536616-1001 -> {A27BC3E5-2184-4A86-B3CD-BC33F886B1C2} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3736845548-991568284-36536616-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=79081068_1_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-3736845548-991568284-36536616-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-26] (Microsoft Corporation)
BHO: No Name -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-04-26] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-26] (Microsoft Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
BHO-x32: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> C:\Users\user\AppData\Local\Tudou\FeisuTudou\tudouDetector.dll => No File
BHO-x32: No Name -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> No File
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\user\AppData\Roaming\ytmediacenter\ykcool.dll [2015-09-01] (Youku.com)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\xunleiBHO7.9.16.4670.dll => No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-30] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-04-26] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll => No File
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3736845548-991568284-36536616-1001 -> No Name - {6B896ADB-4A82-46E2-858C-13134782CE34} -  No File
Toolbar: HKU\S-1-5-21-3736845548-991568284-36536616-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-26] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1wrfx1ez.default [2017-05-03]
FF Extension: (ClipConverter) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1wrfx1ez.default\Extensions\clipconverter@clipconverter.cc.xpi [2016-07-28]
FF Extension: (Shield Recipe Client) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1wrfx1ez.default\features\{a7cfc7a5-31ee-497e-b481-df00a02e1d82}\shield-recipe-client@mozilla.org.xpi [2017-05-03]
FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-11-04] [not signed]
FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2015-11-04] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-03-28]
FF HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2016-11-23] [not signed]
FF HKU\S-1-5-21-3736845548-991568284-36536616-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Visitor\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Visitor\AppData\Roaming\IDM\idmmzcc5 [2017-03-18] [not signed]
FF HKU\S-1-5-21-3736845548-991568284-36536616-1006\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-09-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-24] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2016-07-14] (Baidu.com, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-04] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3736845548-991568284-36536616-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [No File]
FF Plugin HKU\S-1-5-21-3736845548-991568284-36536616-1001: iloen.com/MelOnWebLinker -> C:\Windows\SysWOW64\npMelOnWebLinkerAx.dll [2014-06-13] (LOEN Entertainment)
FF Plugin HKU\S-1-5-21-3736845548-991568284-36536616-1001: youku.com/YoukuAgent -> C:\Program Files (x86)\YouKu\tudouClient\npYoukuAgent.dll [2014-10-29] (Youku)
FF Plugin HKU\S-1-5-21-3736845548-991568284-36536616-1001: youku.com/YoukuAgent_x86_64 -> C:\Program Files (x86)\YouKu\tudouClient\npYoukuAgent_x64.dll [2014-11-12] (Youku)
FF Plugin HKU\S-1-5-21-3736845548-991568284-36536616-1006: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Visitor\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-11-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-11-07] (RealPlayer)

Chrome: 
=======
CHR HomePage: Default -> hxxps://malaysia.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_45&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dmy%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtBtB0AtCyEtBzzyBtA0BtN0D0Tzu0StCyEtDtCtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0B0E0C0CyC0FzztGtCyD0AtCtGyE0FyCtDtGtA0AyDtAtG0EyE0E0FtDzytB0A0FyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyCtBtC0BtB0AtGtDyEtByEtGyEyByE0BtGzztC0C0AtG0CyBtByDtA0C0BtCyE0FtD0A2QtN0A0LzuyE%26cr%3D1181404970%26a%3Dwncy_ir_15_45%26os%3DWindows%2B7%2BHome%2BPremium
CHR StartupUrls: Default -> "hxxps://malaysia.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_45&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dmy%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtBtB0AtCyEtBzzyBtA0BtN0D0Tzu0StCyEtDtCtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0B0E0C0CyC0FzztGtCyD0AtCtGyE0FyCtDtGtA0AyDtAtG0EyE0E0FtDzytB0A0FyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyCtBtC0BtB0AtGtDyEtByEtGyEyByE0BtGzztC0C0AtG0CyBtByDtA0C0BtCyE0FtD0A2QtN0A0LzuyE%26cr%3D1181404970%26a%3Dwncy_ir_15_45%26os%3DWindows%2B7%2BHome%2BPremium"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-05-07]
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-07-26]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-26]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-26]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-26]
CHR Extension: (Tampermonkey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-17]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-26]
CHR Extension: (ChromeSecurity) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffkdfffhegcgcbnfpefeimpaicmljamj [2016-08-25]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-01-26]
CHR Extension: (FBDown Video Downloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-27]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-04-19]
CHR Extension: (anonymoX) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2016-11-17]
CHR Extension: (Auto HD For YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2017-01-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-27]
CHR Extension: (LINE) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2017-01-25]
CHR Extension: (ClipConverter) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhloplcgldbjabkiklejdpajjhbeeekd [2016-07-28]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-26]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-07]
CHR HKU\S-1-5-21-3736845548-991568284-36536616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-14] (ASUS)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-30] (Atheros Commnucations) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [117760 2012-11-21] (Dassault Systèmes) [File not signed]
S4 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [279552 2017-02-14] () [File not signed]
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-17] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
S4 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NTI Backup Now EZ 4 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe [95432 2014-11-06] ()
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [41472 2016-05-11] ()
S4 UI Assistant Service; C:\Program Files (x86)\U Mobile Broadband Manager\AssistantServices.exe [274760 2012-06-28] ()
S4 WebServe; C:\Program Files (x86)\YouKu\YoukuClient\WebServe.exe [349744 2015-09-24] (TODO: <公司名>)
S4 WebServeTD; C:\Program Files (x86)\YouKu\tudouClient\WebServeTD.exe [353840 2015-11-20] (TODO: <公司名>)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174208 2013-12-10] (ShenZhen Xunlei Networking Technologies,LTD)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-30] (Atheros) [File not signed]
S2 MEmusvc; D:\Program Files\Microvirt\MEmu\MemuService.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-03-01] (ASUSTek Computer Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-12] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-31] (ASUS)
S3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [73512 2015-04-23] (ASUS Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-28] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-12-21] (Qualcomm Atheros)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2015-07-07] (IVT Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-26] (Digiarty Software, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-23] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-04-12] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [314864 2017-04-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035480 2017-04-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-26] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-15] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-03-15] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-07] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0039.sys [38432 2016-05-24] (SoftEther Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2017-03-08] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
R1 VBoxDrv; C:\Windows\SysWOW64\DRIVERS\VBoxDrv.sys [254240 2014-05-16] (Oracle Corporation)
R3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ztembbusbmdm.sys [123264 2012-11-23] (ZTE Incorporated)
S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 cpuz138; \??\C:\Users\user\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 rtsuvc; system32\DRIVERS\rtsuvc.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 09:31 - 2017-05-07 09:32 - 00000000 ____D C:\FRST
2017-05-07 09:13 - 2017-05-07 09:13 - 00000000 ___HD C:\OneDriveTemp
2017-05-06 23:11 - 2017-05-06 23:12 - 00040678 _____ C:\Users\user\Downloads\15078ea24846ddc190cc3df4a63a563f.jpeg
2017-05-06 23:07 - 2017-05-06 23:07 - 00172106 _____ C:\Users\user\Downloads\34f2f5e5920eb12034087246a631bdfb.jpeg
2017-05-05 17:57 - 2017-05-05 22:37 - 00000000 ____D C:\Users\user\Downloads\art
2017-05-05 13:43 - 2017-05-05 13:43 - 00000000 ____D C:\ProgramData\Thunder Network
2017-05-04 11:40 - 2017-05-04 11:40 - 00001438 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-05-03 23:34 - 2017-05-03 23:34 - 00111469 _____ C:\Users\user\Downloads\e-BR1M.pdf
2017-05-02 16:20 - 2017-05-02 16:20 - 00051020 _____ C:\Users\user\Downloads\160426 [HALLYU ZAP] CROSS GENE SHIN CUT.ass
2017-05-01 09:11 - 2017-05-01 09:11 - 00003053 _____ C:\Users\user\Desktop\SharpKeys.lnk
2017-05-01 09:11 - 2017-05-01 09:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RandyRants.com
2017-05-01 09:11 - 2017-05-01 09:11 - 00000000 ____D C:\Program Files (x86)\RandyRants.com
2017-05-01 09:06 - 2017-05-01 09:06 - 00000000 ____D C:\Users\user\Downloads\Windows-Key-Shortcut-Hacks
2017-05-01 09:05 - 2017-05-01 09:05 - 00001250 _____ C:\Users\user\Downloads\Windows-Key-Shortcut-Hacks.zip
2017-04-30 20:35 - 2017-04-30 20:35 - 00000000 _____ C:\Users\user\Desktop\New Text Document.txt
2017-04-30 20:34 - 2017-04-30 20:34 - 00000324 _____ C:\Users\user\Desktop\New AutoHotkey Script.ahk
2017-04-30 20:31 - 2017-04-30 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-04-30 20:31 - 2017-04-30 20:31 - 00000000 ____D C:\Program Files\AutoHotkey
2017-04-30 19:53 - 2017-04-30 19:53 - 04475307 _____ C:\Users\user\Downloads\AutoHotkey_1.1.25.01.zip
2017-04-30 15:14 - 2017-04-30 15:14 - 00138048 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-30 15:14 - 2017-04-30 15:14 - 00138048 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-30 14:50 - 2017-04-30 14:54 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-04-29 11:47 - 2017-04-29 11:49 - 3875079412 _____ C:\Users\user\Downloads\gacha.avi
2017-04-23 17:18 - 2017-04-23 17:18 - 00000000 ____D C:\Users\user\Downloads\Dino Force Brave Album
2017-04-23 17:11 - 2017-04-23 17:12 - 55639664 _____ C:\Users\user\Downloads\Dino Force Brave Album.zip
2017-04-22 15:01 - 2017-04-22 15:01 - 00235372 _____ C:\Users\user\Documents\4.xps
2017-04-22 09:38 - 2016-04-28 18:31 - 438237255 _____ C:\Users\user\Downloads\160426 [HALLYU ZAP] CROSS GENE SHIN CUT.mp4
2017-04-20 22:34 - 2017-04-20 22:34 - 00005345 _____ C:\Users\user\Downloads\130528 Cross Talk 1.mp4 - Google Drive.ass
2017-04-12 11:09 - 2017-03-26 03:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 11:09 - 2017-03-26 01:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 11:08 - 2017-03-28 02:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 11:08 - 2017-03-28 01:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 11:08 - 2017-03-26 03:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 11:08 - 2017-03-26 03:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 11:08 - 2017-03-26 02:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 11:08 - 2017-03-26 02:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 11:08 - 2017-03-26 02:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 11:08 - 2017-03-26 02:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 11:08 - 2017-03-26 02:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 11:08 - 2017-03-26 02:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 11:08 - 2017-03-26 02:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 11:08 - 2017-03-26 02:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 11:08 - 2017-03-26 02:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 11:08 - 2017-03-26 02:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 11:08 - 2017-03-26 02:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 11:08 - 2017-03-26 02:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 11:08 - 2017-03-26 02:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 11:08 - 2017-03-26 02:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 11:08 - 2017-03-26 02:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 11:08 - 2017-03-26 02:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 11:08 - 2017-03-26 02:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 11:08 - 2017-03-26 02:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 11:08 - 2017-03-26 02:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 11:08 - 2017-03-26 02:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 11:08 - 2017-03-26 02:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 11:08 - 2017-03-26 02:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 11:08 - 2017-03-26 02:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 11:08 - 2017-03-26 02:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 11:08 - 2017-03-26 02:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 11:08 - 2017-03-26 02:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 11:08 - 2017-03-26 02:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 11:08 - 2017-03-26 01:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 11:08 - 2017-03-26 01:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 11:08 - 2017-03-26 01:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 11:08 - 2017-03-26 01:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 11:08 - 2017-03-26 01:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 11:08 - 2017-03-26 01:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 11:08 - 2017-03-26 01:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 11:08 - 2017-03-26 01:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 11:08 - 2017-03-26 01:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 11:08 - 2017-03-26 01:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 11:08 - 2017-03-26 01:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 11:08 - 2017-03-26 01:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 11:08 - 2017-03-26 01:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 11:08 - 2017-03-26 01:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 11:08 - 2017-03-26 01:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 11:08 - 2017-03-26 01:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 11:08 - 2017-03-26 01:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 11:08 - 2017-03-26 01:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 11:08 - 2017-03-26 00:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 11:08 - 2017-03-26 00:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 11:08 - 2017-03-26 00:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 11:08 - 2017-03-26 00:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 11:08 - 2017-03-26 00:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 11:08 - 2017-03-26 00:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 11:08 - 2017-03-26 00:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 11:08 - 2017-03-26 00:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 11:08 - 2017-03-25 06:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 11:08 - 2017-03-25 06:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 11:08 - 2017-03-22 23:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 11:08 - 2017-03-22 23:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 11:08 - 2017-03-22 23:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 11:08 - 2017-03-22 23:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 11:08 - 2017-03-22 23:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 11:08 - 2017-03-22 23:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 11:08 - 2017-03-22 23:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 11:08 - 2017-03-22 23:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 11:08 - 2017-03-22 23:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 11:08 - 2017-03-22 23:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 11:08 - 2017-03-22 23:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 11:08 - 2017-03-22 23:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 11:08 - 2017-03-22 23:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 11:08 - 2017-03-22 23:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 11:08 - 2017-03-22 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 11:08 - 2017-03-22 23:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 11:08 - 2017-03-14 23:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 11:08 - 2017-03-14 23:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 11:08 - 2017-03-14 23:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 11:08 - 2017-03-11 00:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 11:08 - 2017-03-11 00:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 11:08 - 2017-03-11 00:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 11:08 - 2017-03-11 00:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 11:08 - 2017-03-11 00:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 11:08 - 2017-03-11 00:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 11:08 - 2017-03-11 00:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 11:08 - 2017-03-11 00:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 11:08 - 2017-03-11 00:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 11:08 - 2017-03-11 00:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 11:08 - 2017-03-10 23:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 11:08 - 2017-03-09 04:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 11:08 - 2017-03-09 04:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 11:08 - 2017-03-08 12:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 11:08 - 2017-03-08 12:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 11:08 - 2017-03-08 12:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 11:08 - 2017-03-08 12:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 11:08 - 2017-03-08 12:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 11:08 - 2017-03-08 12:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 11:08 - 2017-03-08 12:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 11:08 - 2017-03-08 12:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 11:08 - 2017-03-08 12:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 11:08 - 2017-03-08 12:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 11:08 - 2017-03-08 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 11:08 - 2017-03-08 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 11:08 - 2017-03-08 12:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 11:08 - 2017-03-08 11:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 11:08 - 2017-03-08 11:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 11:08 - 2017-03-08 11:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 11:08 - 2017-03-08 11:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 11:08 - 2017-03-08 11:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 11:08 - 2017-03-08 11:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 11:08 - 2017-03-08 11:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 11:08 - 2017-03-08 11:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 11:08 - 2017-03-08 11:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 11:08 - 2017-03-08 11:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 11:08 - 2017-03-08 11:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 11:08 - 2017-03-08 11:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 11:08 - 2017-03-08 11:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 11:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 11:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 11:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:08 - 2017-03-08 00:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 11:08 - 2017-03-08 00:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 11:08 - 2017-03-04 09:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 11:08 - 2017-03-04 09:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 11:08 - 2017-03-04 09:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 11:08 - 2017-03-04 09:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 11:08 - 2017-02-15 00:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 11:08 - 2017-02-15 00:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 11:08 - 2017-02-12 00:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 11:08 - 2017-02-12 00:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 11:08 - 2017-02-10 00:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 11:08 - 2017-02-10 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 11:08 - 2017-02-10 00:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:08 - 2017-01-18 23:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 20:46 - 2017-04-11 20:46 - 00077699 _____ C:\Users\user\Documents\tq cg.pdf
2017-04-11 08:09 - 2017-04-25 08:02 - 00000000 ____D C:\Users\user\Downloads\opera autoupdate
2017-04-10 13:34 - 2017-04-10 13:34 - 00133189 _____ C:\Users\user\Downloads\InterPark.pdf
2017-04-10 13:07 - 2017-05-07 09:09 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-10 13:07 - 2017-05-07 09:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-10 13:07 - 2017-05-07 09:06 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-10 13:07 - 2017-05-07 09:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-10 13:07 - 2017-04-10 13:07 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-10 13:06 - 2017-04-23 17:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-10 13:06 - 2017-04-10 13:06 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-10 13:06 - 2017-04-10 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-10 13:06 - 2017-04-10 13:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-08 14:48 - 2017-04-30 20:54 - 00000000 ____D C:\Users\user\Downloads\Juhyeok
2017-04-07 21:34 - 2016-10-17 23:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-04-07 17:22 - 2017-04-07 17:22 - 00000559 _____ C:\Users\user\Downloads\o.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 09:31 - 2009-07-14 12:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-07 09:31 - 2009-07-14 12:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-07 09:23 - 2017-01-24 18:15 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-05-07 09:21 - 2015-09-20 23:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-05-07 09:13 - 2016-07-27 19:25 - 00000000 ___RD C:\Users\user\Google Drive
2017-05-07 09:13 - 2015-11-12 21:26 - 00000000 ___RD C:\Users\user\OneDrive
2017-05-07 09:12 - 2009-07-14 13:13 - 00834482 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-07 09:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-05-07 09:11 - 2015-11-03 09:37 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-07 09:05 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-07 08:57 - 2012-12-11 23:48 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2017-05-06 22:40 - 2015-11-03 09:40 - 00000266 _____ C:\Windows\Tasks\UpdateTask.job
2017-05-06 12:10 - 2015-06-04 17:12 - 00000000 ____D C:\Users\Visitor
2017-05-06 12:10 - 2014-01-02 13:53 - 00000000 ____D C:\Users\DefaultAppPool
2017-05-06 12:10 - 2012-10-10 08:33 - 00000000 ____D C:\Users\Guest
2017-05-06 12:10 - 2012-09-30 12:04 - 00000000 ____D C:\Users\UpdatusUser
2017-05-05 17:38 - 2015-06-04 11:00 - 47352320 ___SH C:\Users\user\Downloads\Thumbs.db
2017-05-05 13:30 - 2016-12-26 18:41 - 00000000 ____D C:\Users\user\Downloads\cgaku
2017-05-04 20:36 - 2015-06-24 09:27 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 11:42 - 2012-11-29 15:20 - 00000000 ____D C:\Users\user\.gimp-2.8
2017-05-04 11:38 - 2017-01-26 11:28 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-05-03 23:42 - 2017-01-27 13:02 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-05-03 11:30 - 2013-01-14 09:17 - 00000000 ____D C:\Users\user\AppData\Roaming\IDM
2017-05-02 16:23 - 2013-06-29 22:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Aegisub
2017-05-02 11:59 - 2009-07-14 13:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-02 09:24 - 2015-07-05 21:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-01 22:36 - 2015-11-04 07:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-30 20:31 - 2017-03-08 10:42 - 00000000 ____D C:\Windows\SHELLNEW
2017-04-29 09:34 - 2015-08-18 19:31 - 00000000 ____D C:\Users\user\Documents\liteCam
2017-04-29 09:33 - 2016-09-25 07:21 - 00008704 _____ C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-28 16:39 - 2016-04-05 10:50 - 00000000 ____D C:\Users\user\AppData\Roaming\AIMP3
2017-04-28 13:32 - 2016-04-22 09:24 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d19c35b23a4021
2017-04-28 13:32 - 2016-04-22 09:24 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d19c35b1e31e2a
2017-04-28 11:32 - 2012-10-25 18:53 - 00000000 ____D C:\Windows\pss
2017-04-27 15:07 - 2012-10-09 20:23 - 00000000 ____D C:\Users\user\Desktop\Mika
2017-04-26 11:28 - 2017-03-10 15:56 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-26 11:22 - 2012-03-10 03:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-22 17:31 - 2016-08-04 12:05 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-04-22 09:44 - 2013-01-14 19:55 - 00000046 _____ C:\Users\user\AppData\Roaming\CoreAVC.ini
2017-04-21 11:33 - 2012-10-23 22:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-21 11:33 - 2012-10-23 22:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-21 11:33 - 2012-10-23 22:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-21 11:33 - 2012-03-10 04:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-18 18:41 - 2016-12-17 12:25 - 00003162 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 18:40 - 2015-11-12 21:26 - 00002149 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-04-16 23:34 - 2017-04-04 23:35 - 00001312 _____ C:\Users\user\Downloads\yaku.txt
2017-04-14 11:40 - 2016-08-03 08:14 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2017-04-13 14:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2017-04-13 07:24 - 2009-07-14 12:45 - 06184912 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 23:40 - 2013-08-15 00:04 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 23:29 - 2012-10-24 19:19 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 23:25 - 2012-03-10 03:49 - 00827096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 17:19 - 2017-01-24 18:04 - 01035480 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-04-12 17:19 - 2017-01-24 18:04 - 00195296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-04-12 17:19 - 2016-12-26 22:03 - 00314864 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-04-12 17:01 - 2017-01-26 12:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 09:21 - 2013-01-14 09:16 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-04-11 16:16 - 2013-01-27 10:15 - 00000000 ____D C:\Download
2017-04-10 13:06 - 2015-05-24 17:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-10 11:25 - 2016-04-10 12:32 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-04-09 14:07 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PLA
2017-04-09 12:15 - 2017-02-09 11:45 - 00000000 ____D C:\Program Files (x86)\ChrisPC VideoTube Downloader Pro
2017-04-07 17:58 - 2012-12-16 19:23 - 00000000 ____D C:\Users\Public\Thunder Network
2017-04-07 11:34 - 2016-05-24 14:51 - 00000000 ____D C:\Program Files\SoftEther VPN Client

==================== Files in the root of some directories =======

2010-11-11 15:34 - 2010-11-11 15:34 - 0201728 _____ (Freebyte.com) C:\Program Files (x86)\hjsplit.exe
2013-05-21 10:12 - 2013-09-28 19:58 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-01 10:34 - 2015-11-03 17:30 - 0002298 _____ () C:\Users\user\AppData\Roaming\ASSDraw3.cfg
2013-03-14 10:17 - 2013-03-14 10:17 - 0001078 _____ () C:\Users\user\AppData\Roaming\base64.cer
2013-01-14 19:55 - 2017-04-22 09:44 - 0000046 _____ () C:\Users\user\AppData\Roaming\CoreAVC.ini
2015-09-24 16:45 - 2015-09-24 17:49 - 0002861 _____ () C:\Users\user\AppData\Roaming\droid4xinstaller.log
2012-10-09 14:46 - 2012-11-24 08:07 - 0000387 _____ () C:\Users\user\AppData\Roaming\sp_data.sys
2012-10-12 20:56 - 2012-10-12 21:00 - 0026264 _____ () C:\Users\user\AppData\Roaming\UserTile.png
2016-09-25 07:21 - 2017-04-29 09:33 - 0008704 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-04 11:40 - 2017-05-04 11:40 - 0001438 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2012-03-10 04:02 - 2010-10-07 01:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2015-10-07 16:43 - 2015-10-07 16:43 - 0000016 _____ () C:\ProgramData\mntemp
2017-02-16 16:33 - 2017-02-16 16:33 - 0001534 _____ () C:\ProgramData\ss.ini
2015-10-07 16:43 - 2015-10-07 16:43 - 0005050 _____ () C:\ProgramData\wmzddnmb.cix
2012-09-30 12:36 - 2012-09-30 12:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-09-30 12:35 - 2012-09-30 12:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-09-30 12:35 - 2012-09-30 12:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
2016-09-03 12:24 - 2016-09-02 14:09 - 2765840 _____ () C:\Users\user\AppData\Local\Temp\Deploy64.dll
2017-05-05 13:49 - 2017-05-05 13:49 - 1562624 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_2017554941551.dll
2017-05-07 08:56 - 2017-05-07 08:56 - 1562624 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_2017575649518.dll
2016-09-13 13:21 - 2016-09-10 10:15 - 2726416 _____ () C:\Users\Visitor\AppData\Local\Temp\Deploy64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-05 10:58

==================== End of FRST.txt ============================

 

Also, I've attached log Addition.txt for your reference.

Thank you.

Capture.PNG

Addition.txt

Link to post
Share on other sites

Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes, deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save; you can copy or attach that to your reply...


Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator”, the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs, also tell me if you have any remaining issues or concerns..

Thank you,

Kevin...

 

 

 

fixlist.txt

Link to post
Share on other sites

22 hours ago, kevinf80 said:

Does seem a long time for a fix, leave it another couple of hours...

Today I redid the fixing process again. I started at 9:00 am and now it's already 11:15 pm but just like yesterday, it doesn't stop :(

Link to post
Share on other sites

Leave FRST alone for now, continue with the following:

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Post that log...

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes, deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save; you can copy or attach that to your reply...


Let me see both logs....

Link to post
Share on other sites

Run the following:

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Let me see those logs, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin
Link to post
Share on other sites

AdwCleaner[C0].txt:

# AdwCleaner v6.046 - Logfile created 11/05/2017 at 08:05:39
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-10.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user - MIKA
# Running from : C:\Users\user\Downloads\Programs\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: WebServe


***** [ Folders ] *****

[-] Folder deleted: C:\users\user\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\users\user\AppData\Roaming\GrabPro
[-] Folder deleted: C:\users\user\AppData\Roaming\PerformerSoft
[-] Folder deleted: C:\users\user\AppData\Roaming\ProgSense
[#] Folder deleted on reboot: C:\users\user\AppData\Roaming\YouKu
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\Windows\SysNative\Tasks\WiseCleaner
[-] Folder deleted: C:\QiYi
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\Speedbit
[-] Folder deleted: C:\ProgramData\Uniblue
[-] Folder deleted: C:\ProgramData\BSD\DriverHive
[-] Folder deleted: C:\ProgramData\BSD\DriverHiveEngine
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Speedbit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uniblue
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD\DriverHive
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD\DriverHiveEngine
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\爱奇艺
[-] Folder deleted: C:\Program Files (x86)\Advanced File Optimizer
[-] Folder deleted: C:\Program Files (x86)\AVG Secure Search
[-] Folder deleted: C:\Program Files (x86)\myfree codec
[-] Folder deleted: C:\Program Files (x86)\Smart Driver Updater
[-] Folder deleted: C:\Program Files (x86)\YouKu
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Program Files (x86)\Common Files\Speedbit
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
[#] Folder deleted on reboot: C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
[#] Folder deleted on reboot: C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
[-] Folder deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\sh4native.exe
[-] File deleted: C:\Users\Public\Desktop\全网影视.lnk
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: updateTask
[-] Task deleted: WiseCleaner\WRCSkipUAC
[-] Task deleted: WiseCleaner


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\928bdabc3bef13
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ReimageRealTimeProtector
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WebServe
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\reimagerealtimeprotector
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\Classes\pokki
[#] Key deleted on reboot: HKCU\Software\Classes\pokki
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Baiduyunguanjia
[-] Key deleted: HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent
[-] Key deleted: HKLM\SOFTWARE\Classes\Iminent.Companion.Buddy
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Baiduyunguanjia
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Iminent.Companion.Buddy
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKU\.DEFAULT\Software\IBUpdaterService
[-] Key deleted: HKU\.DEFAULT\Software\Thunder Network
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1000\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1000\Software\Myfree Codec
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1000\Software\SpeedBit
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\BI
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\ProgSense
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\QiYi
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\Smart Driver Updater
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\SpeedBit
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\BSD
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\AppDataLow\Thunder Network
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\AppDataLow\Software\QiYi
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3736845548-991568284-36536616-1001\Software\SpeedBit
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3736845548-991568284-36536616-1001\Software\SweetIM
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1006\Software\Thunder Network
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IBUpdaterService
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Thunder Network
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\BI
[#] Key deleted on reboot: HKCU\Software\ProgSense
[#] Key deleted on reboot: HKCU\Software\QiYi
[#] Key deleted on reboot: HKCU\Software\Smart Driver Updater
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\SpeedBit
[#] Key deleted on reboot: HKCU\Software\BSD
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Thunder Network
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\QiYi
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[-] Key deleted: HKLM\SOFTWARE\Thunder Network
[-] Key deleted: HKLM\SOFTWARE\WISECLEANER
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\BSD
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3736845548-991568284-36536616-1001\Software\SpeedBit
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3736845548-991568284-36536616-1001\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\BI
[#] Key deleted on reboot: [x64] HKCU\Software\ProgSense
[#] Key deleted on reboot: [x64] HKCU\Software\QiYi
[#] Key deleted on reboot: [x64] HKCU\Software\Smart Driver Updater
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\SpeedBit
[#] Key deleted on reboot: [x64] HKCU\Software\BSD
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Thunder Network
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\QiYi
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: [x64] HKLM\SOFTWARE\SpeedBit
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] 
[-] Value deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.hao123.com
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ROC_roc_ssl_v12
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Yontoo Desktop
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol


***** [ Web browsers ] *****

[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://malaysia.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_45&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dmy%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtBtB0AtCyEtBzzyBtA0BtN0D0Tzu0StCyEtDtCtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0B0E0C0CyC0FzztGtCyD0AtCtGyE0FyCtDtGtA0AyDtAtG0EyE0E0FtDzytB0A0FyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyCtBtC0BtB0AtGtDyEtByEtGyEyByE0BtGzztC0C0AtG0CyBtByDtA0C0BtCyE0FtD0A2QtN0A0LzuyE%26cr%3D1181404970%26a%3Dwncy_ir_15_45%26os%3DWindows%2B7%2BHome%2BPremium
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxps://malaysia.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_45&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dmy%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtBtB0AtCyEtBzzyBtA0BtN0D0Tzu0StCyEtDtCtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0B0E0C0CyC0FzztGtCyD0AtCtGyE0FyCtDtGtA0AyDtAtG0EyE0E0FtDzytB0A0FyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyCtBtC0BtB0AtGtDyEtByEtGyEyByE0BtGzztC0C0AtG0CyBtByDtA0C0BtCyE0FtD0A2QtN0A0LzuyE%26cr%3D1181404970%26a%3Dwncy_ir_15_45%26os%3DWindows%2B7%2BHome%2BPremium
[-] [C:\Users\Visitor\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jbolfgndggfhhpbnkgnpjkfhinclbigj


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [18468 Bytes] - [11/05/2017 08:05:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [16519 Bytes] - [11/05/2017 07:53:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18616 Bytes] ##########
 

FRST.txt

Addition.txt

Link to post
Share on other sites
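The AdwCleaner log in the post above can be read mechanically. The following is an added example, not part of the original thread and not code from AdwCleaner or Malwarebytes: it parses the `[-]` / `[#]` entry format seen in that log, groups one product's registry keys by hive, and lists removals still waiting for a reboot. The function names are hypothetical, and the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Lines excerpted from the AdwCleaner[C0].txt log posted above.
SAMPLE_LOG = r"""
***** [ Services ] *****

[-] Service deleted: WebServe

***** [ Folders ] *****

[#] Folder deleted on reboot: C:\users\user\AppData\Roaming\YouKu
[-] Folder deleted: C:\QiYi

***** [ Registry ] *****

[-] Key deleted: HKU\.DEFAULT\Software\Thunder Network
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1001\Software\AppDataLow\Thunder Network
[-] Key deleted: HKU\S-1-5-21-3736845548-991568284-36536616-1006\Software\Thunder Network
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Thunder Network
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Thunder Network
[-] Key deleted: HKLM\SOFTWARE\Thunder Network
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Thunder Network
[-] Key deleted: [x64] HKLM\SOFTWARE\SpeedBit
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
ENTRY_RE = re.compile(r"^\[([-#])\] (.+)$")              # [-] ... or [#] ...
ACTION_RE = re.compile(r"^([A-Za-z ]+): (.+)$")          # Key deleted on reboot: <target>


def parse_log(text):
    """Return one dict per result line, tagged with the section it appeared in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "#" header lines, blank lines, "::" notes, footer
        mark, rest = m.groups()
        a = ACTION_RE.match(rest)
        # "Web browsers" lines start with a bracketed profile path, not an
        # action phrase; keep them whole under the action "other".
        action, target = a.groups() if a else ("other", rest)
        view = "default"
        if target.startswith("[x64] "):
            view, target = "x64", target[len("[x64] "):]
        entries.append({
            "section": section,
            "mark": mark,
            "action": action,
            "view": view,
            "target": target,
            "pending": "on reboot" in action.lower(),
        })
    return entries


def hive_of(path):
    """HKU\\<SID>\\... -> 'HKU\\<SID>'; otherwise the root name (HKLM, HKCU)."""
    parts = path.split("\\")
    if parts[0].upper() == "HKU" and len(parts) > 1:
        return "HKU\\" + parts[1]
    return parts[0]


def keys_by_hive(entries, product):
    """Group Registry-section entries whose path mentions `product` by hive."""
    found = defaultdict(list)
    for e in entries:
        if e["section"] == "Registry" and product.lower() in e["target"].lower():
            found[hive_of(e["target"])].append(e)
    return dict(found)


def pending_reboot(entries):
    """Entries the log reports as scheduled for removal at the next reboot."""
    return [e for e in entries if e["pending"]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for hive, items in keys_by_hive(parsed, "Thunder Network").items():
        # S-1-5-18 is the LocalSystem account; S-1-5-21-...-<RID> are local users.
        print(f"{hive}: {len(items)} key(s)")
    print("Still pending reboot:")
    for e in pending_reboot(parsed):
        print(f"  [{e['section']}] {e['target']}")
```

On the excerpt, the product's keys appear under six separate hives, including the LocalSystem profile and other user SIDs, which a regedit search run from one account does not necessarily cover.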

OK, let's give FRST another try....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Let me see that log, also tell me if there are any remaining issues or concerns.....

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Finally I can run FRST today & it didn't take a long time. Here I attached the log. But the fixlist.txt disappeared from the folder after reboot. Why?

 

BTW, this is maybe a little bit off topic, but I'm curious about something. Can malware affect keys (keyboard) function? Like randomly opening shortcuts even though the Windows key is disabled? Or are there any other reasons?

Fixlog.txt

Link to post
Share on other sites

I'm not aware of malware that affects keyboard key operations. There is malware/infection that can monitor keyboard key operation. Keyboards can become erratic due to hardware issues or driver issues.... Malware can create shortcuts and operate such shortcuts, have a read at the following link:

https://www.quora.com/Computer-Viruses-How-does-the-SHORTCUT-Virus-in-windows-spread-and-who-is-the-creator-of-this-notorious-albeit-highly-resilient-virus

fixlist is moved and replaced with fixlog as part of its operation....

How is your PC behaving now, any remaining issues or concerns...?

Thank you,

Kevin.

Link to post
Share on other sites

Oh, I see. Thank you for the answer and reference link. I will check it later (this is another issue I have).

 

Since yesterday, Malwarebytes hasn't detected any threats. I guess the solution worked well^_^

Thank you so much for your help. Your guidance was very clear and easy to understand. I'm glad that you are my advisor for this case.

Thank you once again.

Link to post
Share on other sites

Thanks for the update.. Continue with the following to clean up:

Uninstall Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.