# Browser hijacked by Snap Do and search safeguard



## hexagon (Aug 13, 2005)

Hi,

My name is Paul. For quite some time my browser has been hijacked by Snap.Do. I have been able to remove it from my browser, but cannot remove it from my control panel\software.

A few days ago i also got infected by search safeguard. Whenever i open a browser that is my homepage. I have used all the methods said on the internet: spybot, admalware, malwarebytes, spyhunter, hitman pro... But at the end safeguard still prevails. It's been already manually removed from my browsers and i cannot find it anymore in my control panel\software but it's still there. Yesterday it removed also all my programs from the task bar on desktop screen and whenever i restart my computer now it remains empty (although i have pinned it).

Could you take a look and tell me what to do? Thanks

The info you are looking for of my system:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8091 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: Total - 593980 MB, Free - 183282 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: Trend Micro Titanium Maximum Security, Updated: Yes, On-Demand Scanner: Enabled

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Tu Wei (administrator) on TUWEI-VAIO (26-07-2015 21:12:58)
Running from C:\Users\Tu Wei\Desktop
Loaded Profiles: Tu Wei (Available Profiles: Tu Wei)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(360.cn) C:\Program Files (x86)\360\360AP\360AP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dropbox, Inc.) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Tech Support Guy System) C:\Users\Tu Wei\Desktop\SysInfo.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-05-02] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-10] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\win\system32dll.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [EPSON Stylus CX9300F Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICFP.EXE [213504 2007-03-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [Dropbox Update] => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
AppInit_DLLs: C:\ProgramData\ExtTag\nivfh4zr.dll => C:\ProgramData\ExtTag\nivfh4zr.dll [148992 2015-07-25] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\mk21qu1w.dll => C:\ProgramData\ExtTag\mk21qu1w.dll [116736 2015-07-25] ()
Startup: C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0MegaCloudNormal] -> {03FB4211-3964-44E8-97D7-A2FA49CF5576} => C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll [2012-11-30] ()
ShellIconOverlayIdentifiers: [1MegaCloudModified] -> {03FB4212-3964-44E8-97D7-A2FA49CF5576} => C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll [2012-11-30] ()
ShellIconOverlayIdentifiers: [2MeagCloudError] -> {03FB4213-3964-44E8-97D7-A2FA49CF5576} => C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll [2012-11-30] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-02-20] (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-06] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO: BHO_TIMELINEREMOVE.Bho -> {e7b9b609-19ad-40a4-a288-b300a3087465} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-02-20] (AuthenTec Inc.)
BHO-x32: Windows Live ID 登入協助程式 -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-06] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
DPF: HKLM-x32 {093754E3-943C-4FEB-8C19-2ED5D02CBE15} https://rtn.tax.nat.gov.tw/ibx/include/P7Client.cab
DPF: HKLM-x32 {1B6E47E1-F389-4BBA-9524-B96E0BA2CBDA} https://rtn.tax.nat.gov.tw/ibx/include/ChtETaxCOM.cab
DPF: HKLM-x32 {884C5B76-B154-45B5-A1ED-3746D0CCA352} http://download.powercam.com.tw/fsplayer7.cab
DPF: HKLM-x32 {D7D87BA8-3526-40AF-A8F0-9B44E64177C7} https://rtn.tax.nat.gov.tw/ibx/include/CHTSecurityClient.cab
DPF: HKLM-x32 {EC55014B-4D8D-4C8E-AC98-BFA7C1B315F7} http://118.163.104.242/PVRemoteViewX.cab
DPF: HKLM-x32 {F2F1C830-A734-49F4-B4B3-DDF29EBEC9C7} https://rtn.tax.nat.gov.tw/ibx/include/TwcaTax3.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-06] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-06] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2013-09-26] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{600AA529-4983-4DDA-BC72-2BB4B61424B1}: [DhcpNameServer] 168.95.1.1 168.95.192.1
Tcpip\..\Interfaces\{6BE378FB-B700-40DE-BAB6-2C320F5E2C8B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A9FA01B-3B16-4E6D-8B86-3EC2897E9740}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tu Wei\AppData\Roaming\Mozilla\Firefox\Profiles\8c35nwvv.default-1437897782380
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-12-29] ()
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1496139827-2270205386-719297574-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1496139827-2270205386-719297574-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll [2012-05-31] ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-07-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-04]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2015-07-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2015-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Tu Wei\AppData\Roaming\Mozilla\Firefox\Profiles\v29yeal5.default-1426250431917\extensions\[email protected]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tu Wei\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tu Wei\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-26]
CHR Extension: (Skype Click to Call) - C:\Users\Tu Wei\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]
CHR HKLM-x32\...\Chrome\Extension: [nibgmhfiionbhpeidijmiildfjnbbkic] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-02-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S4 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S4 QRX61; C:\Users\Tu Wei\AppData\Local\CamMonitor1024\cammonitor.exe [33280 2015-07-24] () [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S4 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-18] (DT Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MHIKEY11; C:\Windows\System32\Drivers\MHIKEY11x64.sys [61568 2011-04-19] (Generic USB smartcard reader) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 QHNAT; C:\Windows\System32\DRIVERS\QHNAT.sys [31920 2013-11-28] (360.cn)
R3 QHNATMP; C:\Windows\System32\DRIVERS\QHNAT.sys [31920 2013-11-28] (360.cn)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-03-03] ()
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
U2 SCardDrv; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 21:12 - 2015-07-26 21:13 - 00033865 _____ C:\Users\Tu Wei\Desktop\FRST.txt
2015-07-26 21:12 - 2015-07-26 21:13 - 00000000 ____D C:\FRST
2015-07-26 21:12 - 2015-07-26 21:12 - 02146816 _____ (Farbar) C:\Users\Tu Wei\Desktop\FRST64.exe
2015-07-26 21:08 - 2015-07-26 21:08 - 00509440 _____ (Tech Support Guy System) C:\Users\Tu Wei\Desktop\SysInfo.exe
2015-07-26 20:18 - 2015-07-26 20:18 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-07-26 20:18 - 2015-07-26 20:18 - 00001945 _____ C:\Windows\epplauncher.mif
2015-07-26 20:18 - 2015-07-26 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-07-26 20:17 - 2015-07-26 20:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-26 20:16 - 2015-07-26 20:16 - 14243008 _____ (Microsoft Corporation) C:\Users\Tu Wei\Desktop\MSEInstall(2).exe
2015-07-26 17:32 - 2015-07-26 17:32 - 00003063 _____ C:\Users\Tu Wei\Desktop\JRT.txt
2015-07-26 17:00 - 2015-07-26 19:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 16:59 - 2015-07-26 16:59 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-26 16:59 - 2015-07-26 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-26 16:59 - 2015-07-26 16:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 16:59 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-26 16:59 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-26 16:59 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-26 16:56 - 2015-07-26 16:56 - 02248704 _____ C:\Users\Tu Wei\Desktop\adwcleaner_4.208.exe
2015-07-26 16:56 - 2015-07-26 16:56 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Tu Wei\Desktop\JRT.exe
2015-07-26 16:50 - 2015-07-26 16:50 - 00000000 ____D C:\ProgramData\VIPRE
2015-07-26 16:50 - 2015-07-26 16:50 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-26 16:36 - 2015-07-26 16:36 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-07-26 16:30 - 2015-07-26 19:45 - 00000840 _____ C:\Windows\setupact.log
2015-07-26 16:30 - 2015-07-26 19:44 - 00010778 _____ C:\Windows\PFRO.log
2015-07-26 16:30 - 2015-07-26 16:30 - 00000000 _____ C:\Windows\setuperr.log
2015-07-26 16:27 - 2015-07-26 16:27 - 00000315 _____ C:\0.bak
2015-07-26 16:13 - 2015-07-26 16:23 - 00001142 _____ C:\Users\Tu Wei\Desktop\RegCure Pro.lnk
2015-07-26 16:11 - 2015-07-26 16:12 - 07139680 _____ (ParetoLogic, Inc.) C:\Users\Tu Wei\Downloads\RegCureProSetup_46DF668A-D798-418E-9DEB-A50615112E25_.exe
2015-07-26 04:48 - 2015-07-26 13:56 - 01350649 _____ C:\spyhunter.fix
2015-07-26 04:48 - 2015-07-26 04:48 - 00003258 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-26 04:48 - 2015-04-17 09:11 - 00021888 _____ C:\Windows\SysWOW64\sh4native.exe
2015-07-26 02:37 - 2015-07-26 02:37 - 04704832 _____ (http://www.specialuninstaller.com/ ) C:\Users\Tu Wei\Desktop\WinUninstaller_Setup.exe
2015-07-25 21:55 - 2015-07-26 02:06 - 00000000 ____D C:\ProgramData\ExtTag
2015-07-25 21:55 - 2015-07-25 21:55 - 00003496 _____ C:\Windows\System32\Tasks\snp
2015-07-25 21:55 - 2015-07-25 21:55 - 00003134 _____ C:\Windows\System32\Tasks\snf
2015-07-25 21:55 - 2015-07-25 21:55 - 00000000 ____D C:\ProgramData\ExtTags
2015-07-25 05:41 - 2015-07-25 05:41 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-07-24 19:17 - 2015-07-26 17:13 - 00000000 ____D C:\AdwCleaner
2015-07-24 17:45 - 2015-07-25 21:56 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-24 17:45 - 2015-07-25 21:56 - 00001119 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-24 17:42 - 2015-07-24 17:42 - 41128904 _____ C:\Users\Tu Wei\Downloads\Firefox Setup 39.0.exe
2015-07-24 17:29 - 2015-07-24 20:11 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Fresh Infancy
2015-07-24 17:29 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\Millennials to Snake People
2015-07-24 15:43 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\064c900f-0609-4a40-b403-504f6226b154
2015-07-24 15:43 - 2015-07-24 18:43 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-24 15:42 - 2015-07-24 15:42 - 00000000 _____ C:\Windows\prleth.sys
2015-07-24 15:42 - 2015-07-24 15:42 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-24 15:37 - 2015-07-24 15:37 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\%PRODUCTNAME%
2015-07-24 15:35 - 2015-07-24 17:35 - 00000000 ____D C:\Program Files\Checker
2015-07-24 15:35 - 2015-07-24 15:35 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\CamMonitor1024
2015-07-24 15:33 - 2015-07-24 17:25 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\Chromium
2015-07-24 15:32 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\6cadc468-286c-43a2-9c59-b4ef60557d02
2015-07-24 15:32 - 2009-06-11 05:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-24 15:30 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2015-07-22 17:15 - 2015-07-22 17:15 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 09:41 - 2015-07-15 11:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:41 - 2015-07-15 11:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:41 - 2015-07-15 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:41 - 2015-07-15 11:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:41 - 2015-07-15 10:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:41 - 2015-07-15 10:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:41 - 2015-07-15 10:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:41 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:41 - 2015-07-15 09:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:41 - 2015-07-15 09:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-16 09:55 - 2015-07-16 09:55 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\CEF
2015-07-15 12:14 - 2015-07-10 01:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 12:14 - 2015-07-10 01:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 12:14 - 2015-07-10 01:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 12:14 - 2015-07-10 01:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 12:14 - 2015-06-25 16:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 12:14 - 2015-06-02 08:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:14 - 2015-06-02 07:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 12:13 - 2015-07-03 05:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 12:13 - 2015-07-03 05:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 12:13 - 2015-07-03 04:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 12:13 - 2015-07-03 04:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 12:13 - 2015-07-03 04:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 12:13 - 2015-07-03 04:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 12:13 - 2015-07-03 04:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 12:13 - 2015-07-03 04:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 12:13 - 2015-07-03 04:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 12:13 - 2015-07-03 03:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 12:13 - 2015-07-03 03:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 12:13 - 2015-07-03 02:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 12:13 - 2015-06-27 10:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 12:13 - 2015-06-27 10:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 12:13 - 2015-06-27 09:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 12:13 - 2015-06-27 09:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 12:13 - 2015-06-18 01:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:13 - 2015-06-18 01:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 12:12 - 2015-06-26 02:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 12:12 - 2015-06-26 01:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 12:12 - 2015-06-21 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 12:12 - 2015-06-21 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 12:12 - 2015-06-21 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 12:12 - 2015-06-21 03:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 12:12 - 2015-06-21 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 12:12 - 2015-06-21 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 12:12 - 2015-06-21 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 12:12 - 2015-06-21 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 12:12 - 2015-06-21 03:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 12:12 - 2015-06-21 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 12:12 - 2015-06-21 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 12:12 - 2015-06-21 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 12:12 - 2015-06-21 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 12:12 - 2015-06-21 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 12:12 - 2015-06-21 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 12:12 - 2015-06-21 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 12:12 - 2015-06-21 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 12:12 - 2015-06-21 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 12:12 - 2015-06-21 02:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 12:12 - 2015-06-21 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 12:12 - 2015-06-21 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 12:12 - 2015-06-21 02:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 12:12 - 2015-06-21 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 12:12 - 2015-06-20 02:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 12:12 - 2015-06-20 02:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 12:12 - 2015-06-20 02:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 12:12 - 2015-06-20 02:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 12:12 - 2015-06-20 02:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 12:12 - 2015-06-20 02:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 12:12 - 2015-06-20 02:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 12:12 - 2015-06-20 02:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 12:12 - 2015-06-20 02:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 12:12 - 2015-06-20 02:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 12:12 - 2015-06-20 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 12:12 - 2015-06-20 01:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 12:12 - 2015-06-20 01:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 12:12 - 2015-06-20 01:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 12:12 - 2015-06-20 01:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 12:12 - 2015-06-20 01:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 12:12 - 2015-06-20 01:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 12:12 - 2015-06-20 01:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 12:12 - 2015-06-20 01:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 12:11 - 2015-07-02 04:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 12:11 - 2015-07-02 04:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:11 - 2015-07-02 04:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 12:11 - 2015-07-02 04:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 12:11 - 2015-07-02 04:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 12:11 - 2015-07-02 04:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 12:11 - 2015-07-02 04:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 12:11 - 2015-07-02 04:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 12:11 - 2015-07-02 04:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 12:11 - 2015-07-02 04:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 12:11 - 2015-07-02 04:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 12:11 - 2015-07-02 03:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 12:11 - 2015-07-02 03:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:11 - 2015-07-02 03:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:10 - 2015-07-10 01:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 12:10 - 2015-07-10 01:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 12:10 - 2015-07-10 01:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 12:10 - 2015-07-05 02:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 12:10 - 2015-07-05 01:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 12:10 - 2015-07-02 04:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 12:10 - 2015-07-02 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 12:10 - 2015-07-02 04:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 12:10 - 2015-07-02 04:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 12:10 - 2015-07-02 04:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 12:10 - 2015-06-16 05:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 12:10 - 2015-06-16 05:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 12:10 - 2015-06-16 05:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 12:10 - 2015-06-16 05:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 12:10 - 2015-06-16 05:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 12:10 - 2015-06-16 05:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 12:10 - 2015-06-16 05:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 12:10 - 2015-06-16 05:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 12:10 - 2015-06-16 05:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 12:10 - 2015-06-16 05:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 12:10 - 2015-06-16 05:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 12:10 - 2015-06-16 05:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 12:10 - 2015-04-28 03:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 12:10 - 2015-04-28 03:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 12:10 - 2015-04-28 03:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 12:10 - 2015-04-28 03:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 10:37 - 2015-07-23 23:01 - 00683589 _____ C:\Users\Tu Wei\Desktop\13072015.xlsx
2015-07-14 23:48 - 2015-07-15 15:08 - 00009613 _____ C:\Users\Tu Wei\Desktop\Money owed Meiya.xlsx
2015-07-14 15:30 - 2015-07-14 15:30 - 21204992 _____ C:\Users\Tu Wei\Desktop\Copy of TW+price++2015-7-14+xls.xls
2015-07-09 16:25 - 2015-07-14 15:17 - 00073728 _____ C:\Users\Tu Wei\Desktop\Flood light sticker.xls
2015-07-09 16:12 - 2015-07-15 16:18 - 00117760 _____ C:\Users\Tu Wei\Desktop\Copy of label (4).xls
2015-07-06 11:17 - 2015-07-23 22:51 - 00010774 _____ C:\Users\Tu Wei\Desktop\GU10 led.xlsx
2015-07-04 09:59 - 2015-07-26 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 15:10 - 2015-07-16 03:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-01 15:10 - 2015-07-01 15:10 - 00002007 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-01 15:06 - 2015-07-17 09:42 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-06-30 10:04 - 2015-06-30 10:08 - 172688431 _____ C:\Users\Tu Wei\Desktop\20150204_105902.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 21:09 - 2012-06-18 15:22 - 01472986 _____ C:\Windows\WindowsUpdate.log
2015-07-26 20:42 - 2012-05-15 04:40 - 00000526 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 20:19 - 2015-06-19 21:18 - 00000568 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA.job
2015-07-26 19:55 - 2009-07-14 12:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 19:55 - 2009-07-14 12:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 19:52 - 2009-07-14 13:13 - 00797850 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-26 19:47 - 2014-02-03 15:26 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-26 19:46 - 2013-11-13 16:01 - 00000000 ___RD C:\Users\Tu Wei\Dropbox
2015-07-26 19:46 - 2013-11-13 15:52 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Dropbox
2015-07-26 19:45 - 2012-07-31 12:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-26 19:44 - 2015-06-19 21:18 - 00000516 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core.job
2015-07-26 19:44 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 19:36 - 2015-06-19 21:18 - 00003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA
2015-07-26 19:36 - 2015-06-19 21:18 - 00003154 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core
2015-07-26 19:29 - 2012-06-18 15:23 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Macromedia
2015-07-26 16:30 - 2012-05-15 05:12 - 00000000 ____D C:\ProgramData\Trend Micro
2015-07-26 16:27 - 2015-01-09 21:00 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-26 16:27 - 2015-01-09 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-26 16:27 - 2014-04-30 23:29 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Media Player Classic
2015-07-26 16:27 - 2014-04-13 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-26 16:27 - 2014-01-17 16:42 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\360CloudWifi
2015-07-26 16:27 - 2013-12-09 22:09 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2015-07-26 16:27 - 2013-07-16 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-07-26 16:27 - 2012-12-29 22:30 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\PMB Files
2015-07-26 16:27 - 2012-12-29 21:28 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-26 16:27 - 2012-08-14 23:00 - 00000000 ____D C:\Program Files (x86)\唾昜蟀蟀艘
2015-07-26 16:27 - 2012-06-30 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-07-26 16:27 - 2012-06-22 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-07-26 16:27 - 2012-06-18 17:44 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-07-26 16:27 - 2012-06-18 16:32 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\uTorrent
2015-07-26 16:27 - 2012-06-18 15:23 - 00000000 ____D C:\Users\Tu Wei
2015-07-26 16:27 - 2012-05-15 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuthenTec TrueSuite
2015-07-26 16:27 - 2012-05-15 04:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet 無線
2015-07-26 16:27 - 2011-02-11 06:48 - 00000000 ____D C:\Windows\Panther
2015-07-26 16:27 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2015-07-26 16:27 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\tracing
2015-07-26 14:05 - 2012-08-14 22:56 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-07-26 06:34 - 2015-01-09 21:00 - 00000000 ____D C:\Program Files\WinRAR
2015-07-26 06:33 - 2012-06-20 12:46 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\vlc
2015-07-26 03:10 - 2015-01-09 21:08 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-26 03:10 - 2015-01-09 21:08 - 00000000 ____D C:\Program Files\CCleaner
2015-07-25 21:56 - 2012-06-18 15:24 - 00000979 _____ C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 13:55 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 23:14 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-24 23:13 - 2012-06-20 10:08 - 00000000 ____D C:\Users\Tu Wei\Documents\Home Champion
2015-07-24 20:39 - 2015-03-13 20:54 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-24 20:11 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PLA
2015-07-24 20:09 - 2015-01-05 09:17 - 00000000 ____D C:\Program Files (x86)\67b4ec9f-169e-4279-8279-b240c9fab477
2015-07-24 19:22 - 2012-09-16 17:18 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-24 19:20 - 2012-06-18 17:09 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Skype
2015-07-24 17:55 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-24 17:50 - 2012-06-18 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-24 17:48 - 2012-08-14 22:56 - 00025136 _____ (Trend Micro Inc.) C:\Windows\DCEBoot64.exe
2015-07-24 17:31 - 2013-07-16 22:14 - 00000000 ____D C:\Windows\Minidump
2015-07-24 17:24 - 2009-07-14 10:34 - 00000580 _____ C:\Windows\win.ini
2015-07-24 15:34 - 2012-05-15 04:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 15:34 - 2012-05-15 04:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-24 15:34 - 2012-05-15 04:40 - 00003464 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 20:23 - 2012-08-02 22:30 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\Trend Micro
2015-07-22 17:07 - 2009-07-14 12:45 - 00444928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 09:44 - 2014-04-13 17:37 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 09:44 - 2012-05-15 04:22 - 00000000 ____D C:\Program Files\Java
2015-07-16 21:50 - 2013-11-15 15:21 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-07-16 21:50 - 2013-11-15 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-07-16 04:26 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:34 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 03:34 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:33 - 2014-12-13 20:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:33 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 03:13 - 2012-06-18 19:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 03:09 - 2013-07-16 22:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 03:02 - 2014-12-30 09:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-06 13:30 - 2012-06-18 17:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-06 13:30 - 2012-05-15 05:10 - 00000000 ____D C:\ProgramData\Skype
2015-07-05 18:08 - 2010-11-21 11:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-05 08:40 - 2014-12-05 22:31 - 00000000 __SHD C:\Users\Tu Wei\AppData\Local\EmieBrowserModeList
2015-07-05 08:40 - 2014-04-22 21:02 - 00000000 __SHD C:\Users\Tu Wei\AppData\Local\EmieUserList
2015-07-05 08:40 - 2014-04-22 21:02 - 00000000 __SHD C:\Users\Tu Wei\AppData\Local\EmieSiteList
2015-07-03 08:43 - 2012-06-21 08:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 16:55 - 2012-06-18 16:20 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Adobe
2015-07-01 15:46 - 2014-08-19 09:56 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\Adobe
2015-07-01 15:10 - 2012-05-15 04:44 - 00000000 ____D C:\ProgramData\Adobe
2015-07-01 15:10 - 2012-05-15 04:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-01 15:09 - 2012-06-18 17:05 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-01 15:09 - 2012-06-18 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2012-12-29 22:36 - 2012-12-29 23:18 - 2097152000 _____ () C:\Program Files (x86)\GarenaTWLoL_Install_121212.1.dat
2012-12-29 22:35 - 2012-12-29 23:18 - 795893315 _____ () C:\Program Files (x86)\GarenaTWLoL_Install_121212.2.dat
2012-12-30 00:20 - 2012-12-30 00:20 - 0000012 _____ () C:\Program Files (x86)\locale.properties
2015-07-26 16:13 - 2015-07-26 17:01 - 0000115 _____ () C:\Users\Tu Wei\AppData\Roaming\LogFile.txt
2013-12-09 22:03 - 2013-12-09 22:03 - 0000036 _____ () C:\Users\Tu Wei\AppData\Local\housecall.guid.cache
2014-04-12 22:30 - 2014-04-13 00:04 - 0000600 _____ () C:\Users\Tu Wei\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Tu Wei\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm0a_bk.dll
C:\Users\Tu Wei\AppData\Local\Temp\Quarantine.exe
C:\Users\Tu Wei\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 00:10

==================== End of log ============================


----------



## hexagon (Aug 13, 2005)

FRST ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Tu Wei at 2015-07-26 21:13:39
Running from C:\Users\Tu Wei\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1496139827-2270205386-719297574-500 - Administrator - Disabled)
Guest (S-1-5-21-1496139827-2270205386-719297574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1496139827-2270205386-719297574-1005 - Limited - Enabled)
Tu Wei (S-1-5-21-1496139827-2270205386-719297574-1001 - Administrator - Enabled) => C:\Users\Tu Wei

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
360随身WiFi (HKLM-x32\...\360AP) (Version: 2.0.0.1057 - 360互联网安全中心)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AliIM Plugins for Browser (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{1E1771A5-9BDA-4F91-ACEA-9798BCF8CFDD}) (Version: 5.2.0.675 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{403EB04F-20E8-4C55-B989-4040340B3040}) (Version: 3.2.1.1030 - AuthenTec, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/無線 WiFi 軟體 (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KKMAN (HKLM-x32\...\KKMAN) (Version: 3.2 - 願境網訊股份有限公司(KKBOX Co., Ltd))
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LINE (HKLM-x32\...\LINE) (Version: 4.1.1.423 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.0.35625 - Grinding Gear Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.5.1335 - Sling Media)
SlingPlayer (x32 Version: 1.5.1335 - Sling Media) Hidden
SmartCard Reader Driver Installation (HKLM-x32\...\InstallShield_{C6D91586-9F98-4CFD-9BC3-FC0800911005}) (Version: 1.2.4.16 - 您的公司名稱)
SmartCard Reader Driver Installation (x32 Version: 1.2.4.16 - 您的公司名稱) Hidden
Snap.Do Engine (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\{b597cadb-3cba-4cb4-876a-28ff6992798a}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TimeLineRemove 0.9 (HKLM-x32\...\TimeLineRemove_is1) (Version: 0.9 - TimeLineRemove)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - PlayStation®3 隨附的遠端鍵盤 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ 隨附的 BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - 遠端鍵盤 (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.2.16060 - Sony Corporation)
VAIO CPU 風扇診斷 (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.1.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO 手冊 (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VAIO 資料還原工具 (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC Streamer 5.04 (HKLM-x32\...\VLC Streamer_is1) (Version: - )
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.0.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
台北富邦銀行帳單瀏覽程式 (HKLM-x32\...\{F6FD0A21-EF80-4941-BC62-50A5A9E24746}) (Version: 4.20.0000 - 台北富邦銀行)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{00249E9F-88FF-45d5-82DB-A1BEE06E123C}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-07-2015 21:27:43 Checkpoint by HitmanPro
26-07-2015 16:27:09 RegCure Pro Backup
26-07-2015 16:59:14 JRT Pre-Junkware Removal
26-07-2015 17:24:24 JRT Pre-Junkware Removal
26-07-2015 20:23:19 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02525070-0BC8-406A-BC6D-480EFA1BB45F} - System32\Tasks\snf => C:\ProgramData\ExtTag\e4fbamcd.exe [2015-07-25] ()
Task: {0DC3BD4C-AE58-4BDF-B4E6-B80AD588FCA9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {111DDEDD-4970-4381-B8F4-1621BC77E517} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1268376A-7C91-431D-AF10-9233B824F665} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {145B3C92-DFB7-4286-B444-F06A21EE7CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {1C619F56-F947-4626-96C6-BD803140C4E7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {250B5D1A-A896-45C0-A98B-8D9051F85B3D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {26BB5B05-08E1-4D43-92E5-E33AE9FFECA4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {274B3047-6BA8-489B-815E-DEF9BD14524B} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {357A088D-89B0-4F38-B1BF-BEC43BF818B5} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3687E660-9E1C-49F8-8AED-A2476912D22F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {3F5512D5-55F4-423D-BA9D-23F46AF19A9C} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {488D88D1-3748-4487-8B7D-92313B93C683} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {4AA9D819-F9A1-40BB-9B48-D98553478C0C} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {53F45BC4-07E8-474B-B72A-1EB4BBEE05E9} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5D09369C-BA55-4F08-AF2A-0E41C7691801} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {6B60ADC8-5F31-4ED2-B786-7EC50FE9D1AD} - System32\Tasks\360safe\360APMainProg => C:\Program Files (x86)\360\360AP\360AP.exe [2015-06-29] (360.cn)
Task: {6D0FB745-A368-484D-A06F-1A8200123F52} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {774EBACF-607A-4EC7-8820-38A1D57EA2AA} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8D40F372-75C2-421C-8800-6B64116DF42D} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {912828AD-75A4-439E-91F9-86D7DC9EC980} - System32\Tasks\SpyHunter4Startup => C:\Users\TUWEI~1\AppData\Local\Temp\RarSFX0\SpyHunter4.exe <==== ATTENTION
Task: {91B546FE-C12D-4D4A-8670-CAAB059137E9} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {93B7A442-5CF1-46F6-8B46-7A3F5E0E6AA4} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {93CB68A7-5AF1-4969-A117-6D9B641C1CA7} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9A4D531B-A6C3-40A8-9B27-4DE5C3B1544F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {A354C2D9-D020-4728-B01A-6266789768F5} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {A5A99BE4-E30D-4369-A019-08A2B9DF6075} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A7EFC49A-54F6-4802-B182-1243A5F525A6} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {A90BD654-1F16-40ED-9E7F-B02C5A084E1D} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {A9271D0C-8025-4E7D-A1EC-CC13A3F09F33} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {B5E43993-DF8C-4662-870E-836C7A85D2A7} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {C325F7BE-94E6-4381-8B6E-867E94867BD2} - System32\Tasks\snp => C:\ProgramData\ExtTag\e4fbamcd.exe [2015-07-25] ()
Task: {CC38F8C6-9980-4644-AA28-C5355A1BB4A1} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CFA25D8D-DC43-40B9-BC64-151640FC1C49} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D223D8F6-4B18-478A-857A-322383D72D13} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D8102CF1-5AE7-4D90-8E77-9F31F6CBB172} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {DDC28C18-EDBC-4853-B2B4-EF0B1EE05EAA} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {E2928140-BFC1-48F5-8A27-3ADE7C5BAA0E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {E9CC9F4A-B95C-439D-B764-A75684689E79} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {EDACABCE-BA07-4C0F-8BDE-2BB15A1CEB21} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {F08F5641-CF43-4E3F-8BCB-C17713EF6776} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {F5530F5D-86AA-4FAE-B868-81E20C26FADC} - \ProPCCleaner_Start No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core.job => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA.job => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-05-15 04:05 - 2013-06-21 18:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-20 04:57 - 2012-02-20 04:57 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-02-20 04:57 - 2012-02-20 04:57 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2013-01-04 16:49 - 2012-11-30 18:18 - 00258224 _____ () C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-05 10:04 - 2012-04-04 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-15 03:41 - 2015-07-26 03:06 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-01-20 20:17 - 2014-01-20 20:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-26 19:45 - 2015-07-26 19:45 - 00043008 _____ () c:\users\tuwei~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm0a_bk.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00750080 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00047616 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00865280 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00200704 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00010240 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00726016 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00010240 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-05-15 04:36 - 2012-04-06 14:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-07-25 21:55 - 2015-07-25 21:55 - 01162752 _____ () C:\ProgramData\ExtTag\du1nyzex.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-28 05:06 - 2014-11-28 05:06 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\50ac882adf9224ba736ae207768122c4\IsdiInterop.ni.dll
2012-05-15 03:58 - 2012-05-02 20:53 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-15 04:07 - 2012-03-23 16:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\ebill.ba.org.tw -> hxxps://ebill.ba.org.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\fisc.com.tw -> hxxps://fisc.com.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\gov.tw -> hxxps://pfiles.tax.nat.gov.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\paytax.nat.gov.tw -> hxxps://paytax.nat.gov.tw

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Checker => 2
MSCONFIG\Services: ExtTag => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: QRX61 => 2
MSCONFIG\startupfolder: C:^Users^Tu Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BePCSC => C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: SmartMon => C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE244612-7FAD-46F4-9B52-89E1682D8AD5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7378281C-7D74-417C-BB16-02F79B6A3FFC}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{A952712E-9872-41B1-8DA2-D6E150264DF6}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{B7A77258-85ED-4456-8233-C73E290CA70B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{AE2FC8C2-2F76-4922-98CA-A608EA598551}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{39DC1EC0-1AB7-40EA-A526-B6F340C5481A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{166B27E9-FE12-45F3-A6B2-C898DDCE86DB}] => (Allow) LPort=2869
FirewallRules: [{5D10F408-4801-4AD4-88DB-D72F921676BC}] => (Allow) LPort=1900
FirewallRules: [{3D441816-2914-4774-91B9-AB77945D781A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B03C9B78-7FA5-4C64-935A-DAD9803CE795}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{409B49AA-B33D-4742-B446-384410D9BF61}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{78C001B1-9A2A-411D-87C6-3DA5642A6B55}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{52E8C440-9E0A-412C-A226-C3CA8A55C525}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D53B6B71-331A-4D06-9B21-93AF389F80AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{073BEF57-156B-4DFA-B48F-3F8DFA54BF8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BE983EE-20B4-4A88-98EF-8BCCA4E089AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7BED94C9-7ADF-4C0C-BF90-91B6093EF0E6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{71CF614C-5C50-4BEC-9365-51CF1EF8D084}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D3542106-D67E-481A-AB54-8DE466C42615}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{7E374658-1D42-4AA1-B93F-2F5A4D324A2E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{49985A43-C9C2-4B52-B1A1-39B0F70F9B5A}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{FDCEA323-F417-4ACF-9212-47FB882D8E5C}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{92DF1C38-E118-4B02-BFC1-A81E0B184D94}] => (Allow) LPort=8370
FirewallRules: [{E4B9A098-518B-423B-9755-CBAACD1D566A}] => (Allow) LPort=8370
FirewallRules: [{EC017DA0-71AC-4856-A4D6-5F59769C3CA3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3865C0E0-244B-4FCF-9BFF-DFC6D74A2D31}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{17414DE5-B236-4B70-8297-823B2A65AF44}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BDEE85AB-9DB4-481A-8B35-53E1F350B7F3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5B1B8E2F-8433-4DFB-A871-316A9A6BCAEC}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{E5A0A1CB-7B30-4BF4-96BE-97DFEC105820}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E3169FD8-04D9-42D9-89AD-B7F21C35365F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{9D9E46AC-ADFE-45C6-8F56-7BBCB810B267}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{94CD6032-0B1A-4ACA-A89D-D39D636D8EA3}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3D96DB1B-933B-44D8-AD32-BA92B14E5E16}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{6724EA81-4A3E-4C29-BF29-1BBDDF0AEE1C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{49E8B858-DF27-436B-955B-0EBCD7147CD2}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{3C279B9A-A362-4076-A989-5560A9D95998}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{E0D0002E-CE3D-4065-AFC3-98186ACEF72F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{90B7E957-612A-4DC8-999E-6CAA1B68251B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{6FB17F79-1315-47FA-A777-85A11DB97C6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{86ABA188-56C6-4149-9C47-C9DD93D3C31C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{F857765D-D2EF-4620-955F-C4D806C4C63B}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{82C63B30-7251-4B79-9986-85A5CFB8D3E1}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{C5F6EC85-0AF6-4F71-9249-7AB5D45F0DEF}] => (Block) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{637820FC-15B7-44D8-A6BC-8E909919A4DB}] => (Block) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{5F01FDB6-FF27-44E6-BBF8-A33AE9DA1EB9}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D38DCB1B-31AC-4E25-97F1-AD53C896BE60}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{69DD2755-7089-4A4D-8F17-4AE362FE90BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{88F785D8-53C0-4F92-BC9F-03C84CF13F3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D9441D5-8561-4C0C-A427-0B6CD5E3FAE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{130C83F4-E8F1-416F-9E2B-2ED17BA768E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D17C4EA-BF9D-4AEF-8408-4DB253C1F2A8}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FDC6BC51-E6E2-4F70-9C5A-FD15DE0390E9}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{21834655-B01D-4B8A-A302-13A0D445538E}C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0843596C-5BD6-48E0-BF72-079FB0A0C610}C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6E0753B1-9DCA-42E2-B4D2-D6FFB127FE3C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{0D7CE84C-D0F2-41B9-A083-3E05058F6405}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{D780F481-68F2-4A6B-BB30-376C2E239FD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F4AE5C1B-F035-4EF4-B47F-196A1E5CC7E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ABA16DEF-DEE3-4473-9B7A-B3282657B647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B779F9B-C02B-4561-97E3-EDEA73274694}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7E67F87-34CD-4381-894B-465B1D0E1A70}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8C8F715E-9754-4C3A-B50D-65E7F8D65574}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D394F52-7C07-4DF4-ADF1-00A0191166CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AB05BCD4-29C2-4A1E-98BD-61B35D0F44F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ED512462-9B6A-4BF4-8A54-7F62587843FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97CC90C3-F05C-4863-ADBE-F1FA035E7948}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E6F8BD03-5D4F-4387-86AD-3E9986CD01F6}] => (Allow) C:\Program Files (x86)\360\360AP\360AP.exe
FirewallRules: [{2F37AEA6-A54C-46F6-AA28-54DDDB7B2C12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{D11AC70D-F4A2-4EC2-8C72-96BAB211799C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{A67EAF4D-9F64-438B-B1F9-E3C0772913B4}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{59DF33B2-8300-4984-AE62-E53B41116845}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{606C539B-3F09-41E3-89FD-9E746233F371}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{60C9761C-A75E-4221-8470-08E1ADF52EF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FDE7DB9E-0296-41FC-8AE0-09502490F607}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7284F8C0-F51C-4C72-939E-32E39E9CA4DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD36E824-B27A-4882-B2E5-B74B4E26EF83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7647F30-7DA3-40D1-B62C-3CF7FA493215}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{594EDAAD-6B73-467E-BE34-AEAF45C1A1A6}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{3FF85416-3FA7-40B8-9225-56869F0E4933}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{F019368A-5CE1-482E-B161-AA3C30B0BC47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ABD0E00F-38DA-44F8-8C7E-8AD6F3686035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AC3BEBD4-FEEA-486B-ACBF-7CB2ED4F4955}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{265CDC5E-A303-4F7B-A89B-3B9BF20F1377}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3105A704-4D51-4FEE-8BB7-363698EBC4FD}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4E67724B-B512-43FD-A4BC-91C8D7BD362D}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{552D1100-81F2-4077-9420-AED16C9C78B3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E96A0905-67DD-4978-9B7A-0F2571D5BE05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADD8E301-7FCC-4F2C-B4FE-30A781A070D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B8DC0399-6158-46F3-9FA9-46DBE3E55839}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A122B09F-5E3D-490B-94C6-DE03E6275FD0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AFEDFF77-7220-4267-A653-D6B81DB5275E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{B6D10CD6-6F06-44CF-9D2E-81B0362237E4}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{D9A13B16-8FA8-4F72-A17D-4B29E91B375C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{7ADC86B6-DF49-4999-A941-4BC89CFE9D58}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{4CE9B774-9D61-48B4-BDC9-CA57F058316B}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{F325BC39-02D1-4A59-AB19-E55C67FED3F6}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{3EB4F434-C504-4C1E-A187-173AE1BE86C6}] => (Allow) LPort=50000
FirewallRules: [{5213F027-EE95-4DAF-A1D2-2C63B032F5DE}] => (Allow) LPort=50001
FirewallRules: [{49AFDA16-897A-444E-A579-12A4D76CB770}] => (Allow) LPort=6001
FirewallRules: [{E8A2469B-713C-4B83-814F-6402CBCBBC6A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A41336E2-FC76-4766-B186-34FED1DC5101}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5B22BE10-AA7E-48B6-8733-6806E0BC9CE7}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{E112403C-52BF-4BA8-B1A6-7CCAF10B5125}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe] => Enabled:iPhone PC Suite.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2015 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 07:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe7ebfad21
Faulting process id: 0x4b0
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (07/26/2015 07:43:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 06:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 06:24:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 05:11:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.55.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14fc

Start Time: 01d0c782b0f1059b

Termination Time: 3

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 4b6a8db7-3376-11e5-be4d-30f9edead3a2

Error: (07/26/2015 05:08:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (07/26/2015 09:12:23 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 08:45:25 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 08:15:25 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 08:00:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:56:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:55:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:41:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:38:50 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:31:49 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:25:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Microsoft Office:
=========================
Error: (07/26/2015 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 07:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe7ebfad214b001d0c78e37dba95aC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown84d91942-338b-11e5-bc6c-30f9edead3a2

Error: (07/26/2015 07:43:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 06:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 06:24:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 05:11:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe2.3.55.014fc01d0c782b0f1059b3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe4b6a8db7-3376-11e5-be4d-30f9edead3a2

Error: (07/26/2015 05:08:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4400

CodeIntegrity Error:
===================================
Date: 2015-05-10 23:52:49.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:49.249
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:48.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:48.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:39:47.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:39:47.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:38:06.704
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:38:06.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:32:44.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:32:44.205
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8091.28 MB
Available physical RAM: 5019.15 MB
Total Virtual: 16180.76 MB
Available Virtual: 12554.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:580.06 GB) (Free:178.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: FAE8A523)

Partition: GPT Partition Type.

==================== End of log ============================


----------



## dvk01 (Dec 14, 2002)

first
Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop. Do not click on any links in the top Advert.

See the screenshot where the proper download buttons are highlighted









*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:










You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done, you will get a message saying "PENDING" , Ignore that & click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.
Please note: the newer versions of Adwcleaner have a pretty colour display on some versions of windows and slightly different icons. The screenshots are from the older version but are basically the same


----------



## hexagon (Aug 13, 2005)

Hi,

This is the report

# AdwCleaner v4.208 - Logfile created 27/07/2015 at 18:34:15
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tu Wei - TUWEI-VAIO
# Running from : C:\Users\Tu Wei\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : ExtTag

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ExtTags
Folder Deleted : C:\ProgramData\ExtTag
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v

-\\ Chromium v

[C:\Users\Tu Wei\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Deleted [Homepage] : searchProvider","storage"],"manifest_permissions":[],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["homepage","searchProvider","storage"],"manifest_permissions":[],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13082196847228630","lastpingday":"13082194801022804","location":7,"manifest":{"chrome_settings_overrides":{"homepage":"hxxp://www.safebrowsesearch.com/?affilid=sdfsdfv4egfds3253tdvf&src=oursurfing_hp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [39366 bytes] - [24/07/2015 19:17:12]
AdwCleaner[R1].txt - [2498 bytes] - [26/07/2015 17:04:40]
AdwCleaner[R2].txt - [1823 bytes] - [26/07/2015 17:12:11]
AdwCleaner[R3].txt - [2288 bytes] - [27/07/2015 18:29:14]
AdwCleaner[S0].txt - [35086 bytes] - [24/07/2015 19:21:02]
AdwCleaner[S1].txt - [2545 bytes] - [26/07/2015 17:06:08]
AdwCleaner[S2].txt - [1889 bytes] - [26/07/2015 17:13:27]
AdwCleaner[S3].txt - [2231 bytes] - [27/07/2015 18:34:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2290 bytes] ##########


----------



## dvk01 (Dec 14, 2002)

has that made any difference
if it hasn't then please run FRST again and select additions txt in the options. post both new logs


----------



## hexagon (Aug 13, 2005)

It seems that search safefinder has dissappeared from my Firefox and Chrome browser, but is still on IE.

Snap.do engine is still in my control panel\software and cannot be uninstalled

Additions FRST:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Tu Wei at 2015-07-27 23:01:21
Running from C:\Users\Tu Wei\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1496139827-2270205386-719297574-500 - Administrator - Disabled)
Guest (S-1-5-21-1496139827-2270205386-719297574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1496139827-2270205386-719297574-1005 - Limited - Enabled)
Tu Wei (S-1-5-21-1496139827-2270205386-719297574-1001 - Administrator - Enabled) => C:\Users\Tu Wei

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
360随身WiFi (HKLM-x32\...\360AP) (Version: 2.0.0.1057 - 360互联网安全中心)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AliIM Plugins for Browser (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{1E1771A5-9BDA-4F91-ACEA-9798BCF8CFDD}) (Version: 5.2.0.675 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{403EB04F-20E8-4C55-B989-4040340B3040}) (Version: 3.2.1.1030 - AuthenTec, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/無線 WiFi 軟體 (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KKMAN (HKLM-x32\...\KKMAN) (Version: 3.2 - 願境網訊股份有限公司(KKBOX Co., Ltd))
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LINE (HKLM-x32\...\LINE) (Version: 4.1.1.423 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.0.35625 - Grinding Gear Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.5.1335 - Sling Media)
SlingPlayer (x32 Version: 1.5.1335 - Sling Media) Hidden
SmartCard Reader Driver Installation (HKLM-x32\...\InstallShield_{C6D91586-9F98-4CFD-9BC3-FC0800911005}) (Version: 1.2.4.16 - 您的公司名稱)
SmartCard Reader Driver Installation (x32 Version: 1.2.4.16 - 您的公司名稱) Hidden
Snap.Do Engine (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\{b597cadb-3cba-4cb4-876a-28ff6992798a}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TimeLineRemove 0.9 (HKLM-x32\...\TimeLineRemove_is1) (Version: 0.9 - TimeLineRemove)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - PlayStation®3 隨附的遠端鍵盤 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ 隨附的 BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - 遠端鍵盤 (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.2.16060 - Sony Corporation)
VAIO CPU 風扇診斷 (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.1.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO 手冊 (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VAIO 資料還原工具 (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC Streamer 5.04 (HKLM-x32\...\VLC Streamer_is1) (Version: - )
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.0.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
台北富邦銀行帳單瀏覽程式 (HKLM-x32\...\{F6FD0A21-EF80-4941-BC62-50A5A9E24746}) (Version: 4.20.0000 - 台北富邦銀行)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{00249E9F-88FF-45d5-82DB-A1BEE06E123C}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-07-2015 21:27:43 Checkpoint by HitmanPro
26-07-2015 16:27:09 RegCure Pro Backup
26-07-2015 16:59:14 JRT Pre-Junkware Removal
26-07-2015 17:24:24 JRT Pre-Junkware Removal
26-07-2015 20:23:19 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02525070-0BC8-406A-BC6D-480EFA1BB45F} - System32\Tasks\snf => C:\ProgramData\ExtTag\e4fbamcd.exe
Task: {0DC3BD4C-AE58-4BDF-B4E6-B80AD588FCA9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {111DDEDD-4970-4381-B8F4-1621BC77E517} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1268376A-7C91-431D-AF10-9233B824F665} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {145B3C92-DFB7-4286-B444-F06A21EE7CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {1C619F56-F947-4626-96C6-BD803140C4E7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {250B5D1A-A896-45C0-A98B-8D9051F85B3D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {26BB5B05-08E1-4D43-92E5-E33AE9FFECA4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {274B3047-6BA8-489B-815E-DEF9BD14524B} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {357A088D-89B0-4F38-B1BF-BEC43BF818B5} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3687E660-9E1C-49F8-8AED-A2476912D22F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {3F5512D5-55F4-423D-BA9D-23F46AF19A9C} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {488D88D1-3748-4487-8B7D-92313B93C683} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {4AA9D819-F9A1-40BB-9B48-D98553478C0C} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {53F45BC4-07E8-474B-B72A-1EB4BBEE05E9} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5D09369C-BA55-4F08-AF2A-0E41C7691801} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {6B60ADC8-5F31-4ED2-B786-7EC50FE9D1AD} - System32\Tasks\360safe\360APMainProg => C:\Program Files (x86)\360\360AP\360AP.exe [2015-06-29] (360.cn)
Task: {6D0FB745-A368-484D-A06F-1A8200123F52} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {774EBACF-607A-4EC7-8820-38A1D57EA2AA} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8D40F372-75C2-421C-8800-6B64116DF42D} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {912828AD-75A4-439E-91F9-86D7DC9EC980} - System32\Tasks\SpyHunter4Startup => C:\Users\TUWEI~1\AppData\Local\Temp\RarSFX0\SpyHunter4.exe <==== ATTENTION
Task: {91B546FE-C12D-4D4A-8670-CAAB059137E9} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {93B7A442-5CF1-46F6-8B46-7A3F5E0E6AA4} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {93CB68A7-5AF1-4969-A117-6D9B641C1CA7} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9633CB69-BA67-4632-98F9-697B2C401685} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {9A4D531B-A6C3-40A8-9B27-4DE5C3B1544F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {A354C2D9-D020-4728-B01A-6266789768F5} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {A5A99BE4-E30D-4369-A019-08A2B9DF6075} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A7EFC49A-54F6-4802-B182-1243A5F525A6} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {A90BD654-1F16-40ED-9E7F-B02C5A084E1D} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {B5E43993-DF8C-4662-870E-836C7A85D2A7} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {C325F7BE-94E6-4381-8B6E-867E94867BD2} - System32\Tasks\snp => C:\ProgramData\ExtTag\e4fbamcd.exe
Task: {CC38F8C6-9980-4644-AA28-C5355A1BB4A1} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CFA25D8D-DC43-40B9-BC64-151640FC1C49} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D223D8F6-4B18-478A-857A-322383D72D13} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D8102CF1-5AE7-4D90-8E77-9F31F6CBB172} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {DDC28C18-EDBC-4853-B2B4-EF0B1EE05EAA} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {E2928140-BFC1-48F5-8A27-3ADE7C5BAA0E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {E9CC9F4A-B95C-439D-B764-A75684689E79} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {EDACABCE-BA07-4C0F-8BDE-2BB15A1CEB21} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {F08F5641-CF43-4E3F-8BCB-C17713EF6776} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {F5530F5D-86AA-4FAE-B868-81E20C26FADC} - \ProPCCleaner_Start No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core.job => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA.job => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-05-15 04:05 - 2013-06-21 18:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-20 04:57 - 2012-02-20 04:57 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-02-20 04:57 - 2012-02-20 04:57 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2013-12-09 22:04 - 2013-01-16 10:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2013-12-09 22:04 - 2013-04-02 12:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2013-12-09 22:04 - 2013-01-16 10:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2013-12-09 22:04 - 2012-12-19 04:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2013-12-09 22:04 - 2013-01-16 10:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2013-12-09 22:02 - 2013-07-23 23:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2013-01-04 16:49 - 2012-11-30 18:18 - 00258224 _____ () C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-08 18:52 - 2013-12-18 21:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2012-04-05 10:04 - 2012-04-04 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-15 03:41 - 2015-07-26 03:06 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-01-20 20:17 - 2014-01-20 20:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-27 18:37 - 2015-07-27 18:37 - 00043008 _____ () c:\users\tuwei~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxwqclk.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00750080 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00047616 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00865280 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00200704 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00010240 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00726016 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00010240 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-05-15 04:36 - 2012-04-06 14:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-28 05:06 - 2014-11-28 05:06 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\50ac882adf9224ba736ae207768122c4\IsdiInterop.ni.dll
2012-05-15 03:58 - 2012-05-02 20:53 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-15 04:07 - 2012-03-23 16:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 01:05 - 2010-01-10 01:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 18:37 - 2010-01-10 18:37 - 00058208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\ebill.ba.org.tw -> hxxps://ebill.ba.org.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\fisc.com.tw -> hxxps://fisc.com.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\gov.tw -> hxxps://pfiles.tax.nat.gov.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\paytax.nat.gov.tw -> hxxps://paytax.nat.gov.tw

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.130.130.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Checker => 2
MSCONFIG\Services: ExtTag => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: QRX61 => 2
MSCONFIG\startupfolder: C:^Users^Tu Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BePCSC => C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: SmartMon => C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE244612-7FAD-46F4-9B52-89E1682D8AD5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7378281C-7D74-417C-BB16-02F79B6A3FFC}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{A952712E-9872-41B1-8DA2-D6E150264DF6}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{B7A77258-85ED-4456-8233-C73E290CA70B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{AE2FC8C2-2F76-4922-98CA-A608EA598551}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{39DC1EC0-1AB7-40EA-A526-B6F340C5481A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{166B27E9-FE12-45F3-A6B2-C898DDCE86DB}] => (Allow) LPort=2869
FirewallRules: [{5D10F408-4801-4AD4-88DB-D72F921676BC}] => (Allow) LPort=1900
FirewallRules: [{3D441816-2914-4774-91B9-AB77945D781A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B03C9B78-7FA5-4C64-935A-DAD9803CE795}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{409B49AA-B33D-4742-B446-384410D9BF61}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{78C001B1-9A2A-411D-87C6-3DA5642A6B55}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{52E8C440-9E0A-412C-A226-C3CA8A55C525}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D53B6B71-331A-4D06-9B21-93AF389F80AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{073BEF57-156B-4DFA-B48F-3F8DFA54BF8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BE983EE-20B4-4A88-98EF-8BCCA4E089AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7BED94C9-7ADF-4C0C-BF90-91B6093EF0E6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{71CF614C-5C50-4BEC-9365-51CF1EF8D084}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D3542106-D67E-481A-AB54-8DE466C42615}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{7E374658-1D42-4AA1-B93F-2F5A4D324A2E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{49985A43-C9C2-4B52-B1A1-39B0F70F9B5A}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{FDCEA323-F417-4ACF-9212-47FB882D8E5C}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{92DF1C38-E118-4B02-BFC1-A81E0B184D94}] => (Allow) LPort=8370
FirewallRules: [{E4B9A098-518B-423B-9755-CBAACD1D566A}] => (Allow) LPort=8370
FirewallRules: [{EC017DA0-71AC-4856-A4D6-5F59769C3CA3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3865C0E0-244B-4FCF-9BFF-DFC6D74A2D31}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{17414DE5-B236-4B70-8297-823B2A65AF44}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BDEE85AB-9DB4-481A-8B35-53E1F350B7F3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5B1B8E2F-8433-4DFB-A871-316A9A6BCAEC}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{E5A0A1CB-7B30-4BF4-96BE-97DFEC105820}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E3169FD8-04D9-42D9-89AD-B7F21C35365F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{9D9E46AC-ADFE-45C6-8F56-7BBCB810B267}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{94CD6032-0B1A-4ACA-A89D-D39D636D8EA3}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3D96DB1B-933B-44D8-AD32-BA92B14E5E16}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{6724EA81-4A3E-4C29-BF29-1BBDDF0AEE1C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{49E8B858-DF27-436B-955B-0EBCD7147CD2}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{3C279B9A-A362-4076-A989-5560A9D95998}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{E0D0002E-CE3D-4065-AFC3-98186ACEF72F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{90B7E957-612A-4DC8-999E-6CAA1B68251B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{6FB17F79-1315-47FA-A777-85A11DB97C6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{86ABA188-56C6-4149-9C47-C9DD93D3C31C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{F857765D-D2EF-4620-955F-C4D806C4C63B}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{82C63B30-7251-4B79-9986-85A5CFB8D3E1}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{C5F6EC85-0AF6-4F71-9249-7AB5D45F0DEF}] => (Block) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{637820FC-15B7-44D8-A6BC-8E909919A4DB}] => (Block) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{5F01FDB6-FF27-44E6-BBF8-A33AE9DA1EB9}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D38DCB1B-31AC-4E25-97F1-AD53C896BE60}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{69DD2755-7089-4A4D-8F17-4AE362FE90BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{88F785D8-53C0-4F92-BC9F-03C84CF13F3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D9441D5-8561-4C0C-A427-0B6CD5E3FAE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{130C83F4-E8F1-416F-9E2B-2ED17BA768E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D17C4EA-BF9D-4AEF-8408-4DB253C1F2A8}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FDC6BC51-E6E2-4F70-9C5A-FD15DE0390E9}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{21834655-B01D-4B8A-A302-13A0D445538E}C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0843596C-5BD6-48E0-BF72-079FB0A0C610}C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6E0753B1-9DCA-42E2-B4D2-D6FFB127FE3C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{0D7CE84C-D0F2-41B9-A083-3E05058F6405}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{D780F481-68F2-4A6B-BB30-376C2E239FD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F4AE5C1B-F035-4EF4-B47F-196A1E5CC7E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ABA16DEF-DEE3-4473-9B7A-B3282657B647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B779F9B-C02B-4561-97E3-EDEA73274694}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7E67F87-34CD-4381-894B-465B1D0E1A70}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8C8F715E-9754-4C3A-B50D-65E7F8D65574}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D394F52-7C07-4DF4-ADF1-00A0191166CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AB05BCD4-29C2-4A1E-98BD-61B35D0F44F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ED512462-9B6A-4BF4-8A54-7F62587843FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97CC90C3-F05C-4863-ADBE-F1FA035E7948}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E6F8BD03-5D4F-4387-86AD-3E9986CD01F6}] => (Allow) C:\Program Files (x86)\360\360AP\360AP.exe
FirewallRules: [{2F37AEA6-A54C-46F6-AA28-54DDDB7B2C12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{D11AC70D-F4A2-4EC2-8C72-96BAB211799C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{A67EAF4D-9F64-438B-B1F9-E3C0772913B4}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{59DF33B2-8300-4984-AE62-E53B41116845}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{606C539B-3F09-41E3-89FD-9E746233F371}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{60C9761C-A75E-4221-8470-08E1ADF52EF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FDE7DB9E-0296-41FC-8AE0-09502490F607}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7284F8C0-F51C-4C72-939E-32E39E9CA4DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD36E824-B27A-4882-B2E5-B74B4E26EF83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7647F30-7DA3-40D1-B62C-3CF7FA493215}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{594EDAAD-6B73-467E-BE34-AEAF45C1A1A6}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{3FF85416-3FA7-40B8-9225-56869F0E4933}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{F019368A-5CE1-482E-B161-AA3C30B0BC47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ABD0E00F-38DA-44F8-8C7E-8AD6F3686035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AC3BEBD4-FEEA-486B-ACBF-7CB2ED4F4955}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{265CDC5E-A303-4F7B-A89B-3B9BF20F1377}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3105A704-4D51-4FEE-8BB7-363698EBC4FD}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4E67724B-B512-43FD-A4BC-91C8D7BD362D}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{552D1100-81F2-4077-9420-AED16C9C78B3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E96A0905-67DD-4978-9B7A-0F2571D5BE05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADD8E301-7FCC-4F2C-B4FE-30A781A070D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B8DC0399-6158-46F3-9FA9-46DBE3E55839}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A122B09F-5E3D-490B-94C6-DE03E6275FD0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AFEDFF77-7220-4267-A653-D6B81DB5275E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{B6D10CD6-6F06-44CF-9D2E-81B0362237E4}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{D9A13B16-8FA8-4F72-A17D-4B29E91B375C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{7ADC86B6-DF49-4999-A941-4BC89CFE9D58}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{4CE9B774-9D61-48B4-BDC9-CA57F058316B}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{F325BC39-02D1-4A59-AB19-E55C67FED3F6}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{3EB4F434-C504-4C1E-A187-173AE1BE86C6}] => (Allow) LPort=50000
FirewallRules: [{5213F027-EE95-4DAF-A1D2-2C63B032F5DE}] => (Allow) LPort=50001
FirewallRules: [{49AFDA16-897A-444E-A579-12A4D76CB770}] => (Allow) LPort=6001
FirewallRules: [{E8A2469B-713C-4B83-814F-6402CBCBBC6A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A41336E2-FC76-4766-B186-34FED1DC5101}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5B22BE10-AA7E-48B6-8733-6806E0BC9CE7}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{E112403C-52BF-4BA8-B1A6-7CCAF10B5125}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe] => Enabled:iPhone PC Suite.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2015 06:37:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2015 02:14:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2015 05:21:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe908eaad1
Faulting process id: 0x2190
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (07/27/2015 05:21:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 07:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe7ebfad21
Faulting process id: 0x4b0
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (07/26/2015 07:43:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 06:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 06:24:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/27/2015 06:49:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5

Error: (07/27/2015 06:48:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (07/27/2015 06:34:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069

Error: (07/27/2015 06:34:50 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/27/2015 06:34:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069

Error: (07/27/2015 06:34:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/27/2015 06:34:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069

Error: (07/27/2015 06:34:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/27/2015 06:34:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/27/2015 06:34:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Microsoft Office:
=========================
Error: (07/27/2015 06:37:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2015 02:14:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2015 05:21:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe908eaad1219001d0c79949d28ec6C:\Program Files\Sony\VAIO Care\VCAgent.exeunknown3cfc6086-33dc-11e5-86d2-30f9edead3a2

Error: (07/27/2015 05:21:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 07:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe7ebfad214b001d0c78e37dba95aC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown84d91942-338b-11e5-bc6c-30f9edead3a2

Error: (07/26/2015 07:43:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 06:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 06:24:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Error:
===================================
Date: 2015-05-10 23:52:49.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:49.249
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:48.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:48.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:39:47.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:39:47.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:38:06.704
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:38:06.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:32:44.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:32:44.205
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8091.28 MB
Available physical RAM: 4272.54 MB
Total Virtual: 16180.76 MB
Available Virtual: 11717.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:580.06 GB) (Free:177.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: FAE8A523)

Partition: GPT Partition Type.

==================== End of log ============================


----------



## dvk01 (Dec 14, 2002)

I also need the new FRST report as well


----------



## hexagon (Aug 13, 2005)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Tu Wei (administrator) on TUWEI-VAIO (27-07-2015 23:00:53)
Running from C:\Users\Tu Wei\Desktop
Loaded Profiles: Tu Wei (Available Profiles: Tu Wei)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(360.cn) C:\Program Files (x86)\360\360AP\360AP.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-05-02] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-10] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\win\system32dll.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [EPSON Stylus CX9300F Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICFP.EXE [213504 2007-03-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Run: [Dropbox Update] => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
AppInit_DLLs: C:\ProgramData\ExtTag\nivfh4zr.dll => C:\ProgramData\ExtTag\nivfh4zr.dll File not found
AppInit_DLLs-x32: C:\ProgramData\ExtTag\mk21qu1w.dll => "C:\ProgramData\ExtTag\mk21qu1w.dll" File not found
Startup: C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0MegaCloudNormal] -> {03FB4211-3964-44E8-97D7-A2FA49CF5576} => C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll [2012-11-30] ()
ShellIconOverlayIdentifiers: [1MegaCloudModified] -> {03FB4212-3964-44E8-97D7-A2FA49CF5576} => C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll [2012-11-30] ()
ShellIconOverlayIdentifiers: [2MeagCloudError] -> {03FB4213-3964-44E8-97D7-A2FA49CF5576} => C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll [2012-11-30] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-02-20] (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-06] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO: BHO_TIMELINEREMOVE.Bho -> {e7b9b609-19ad-40a4-a288-b300a3087465} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-02-20] (AuthenTec Inc.)
BHO-x32: Windows Live ID 登入協助程式 -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-06] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
DPF: HKLM-x32 {093754E3-943C-4FEB-8C19-2ED5D02CBE15} https://rtn.tax.nat.gov.tw/ibx/include/P7Client.cab
DPF: HKLM-x32 {1B6E47E1-F389-4BBA-9524-B96E0BA2CBDA} https://rtn.tax.nat.gov.tw/ibx/include/ChtETaxCOM.cab
DPF: HKLM-x32 {884C5B76-B154-45B5-A1ED-3746D0CCA352} http://download.powercam.com.tw/fsplayer7.cab
DPF: HKLM-x32 {D7D87BA8-3526-40AF-A8F0-9B44E64177C7} https://rtn.tax.nat.gov.tw/ibx/include/CHTSecurityClient.cab
DPF: HKLM-x32 {EC55014B-4D8D-4C8E-AC98-BFA7C1B315F7} http://118.163.104.242/PVRemoteViewX.cab
DPF: HKLM-x32 {F2F1C830-A734-49F4-B4B3-DDF29EBEC9C7} https://rtn.tax.nat.gov.tw/ibx/include/TwcaTax3.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-06] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-06] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2013-09-26] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.130.130.11 195.130.131.11
Tcpip\..\Interfaces\{600AA529-4983-4DDA-BC72-2BB4B61424B1}: [DhcpNameServer] 168.95.1.1 168.95.192.1
Tcpip\..\Interfaces\{6BE378FB-B700-40DE-BAB6-2C320F5E2C8B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A9FA01B-3B16-4E6D-8B86-3EC2897E9740}: [DhcpNameServer] 192.168.1.1 195.130.130.11 195.130.131.11

FireFox:
========
FF ProfilePath: C:\Users\Tu Wei\AppData\Roaming\Mozilla\Firefox\Profiles\8c35nwvv.default-1437897782380
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-12-29] ()
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1496139827-2270205386-719297574-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1496139827-2270205386-719297574-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll [2012-05-31] ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-07-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-04]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2015-07-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2015-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-24]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tu Wei\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tu Wei\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-26]
CHR Extension: (Skype Click to Call) - C:\Users\Tu Wei\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]
CHR HKLM-x32\...\Chrome\Extension: [nibgmhfiionbhpeidijmiildfjnbbkic] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-02-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S4 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S4 QRX61; C:\Users\Tu Wei\AppData\Local\CamMonitor1024\cammonitor.exe [33280 2015-07-24] () [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-18] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MHIKEY11; C:\Windows\System32\Drivers\MHIKEY11x64.sys [61568 2011-04-19] (Generic USB smartcard reader) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 QHNAT; C:\Windows\System32\DRIVERS\QHNAT.sys [31920 2013-11-28] (360.cn)
R3 QHNATMP; C:\Windows\System32\DRIVERS\QHNAT.sys [31920 2013-11-28] (360.cn)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-03-03] ()
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
U2 SCardDrv; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 21:13 - 2015-07-26 21:14 - 00071100 _____ C:\Users\Tu Wei\Desktop\Addition.txt
2015-07-26 21:12 - 2015-07-27 23:00 - 00034681 _____ C:\Users\Tu Wei\Desktop\FRST.txt
2015-07-26 21:12 - 2015-07-27 23:00 - 00000000 ____D C:\FRST
2015-07-26 21:12 - 2015-07-26 21:12 - 02146816 _____ (Farbar) C:\Users\Tu Wei\Desktop\FRST64.exe
2015-07-26 21:08 - 2015-07-26 21:08 - 00509440 _____ (Tech Support Guy System) C:\Users\Tu Wei\Desktop\SysInfo.exe
2015-07-26 20:18 - 2015-07-26 20:18 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-07-26 20:18 - 2015-07-26 20:18 - 00001945 _____ C:\Windows\epplauncher.mif
2015-07-26 20:18 - 2015-07-26 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-07-26 20:17 - 2015-07-26 20:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-26 20:16 - 2015-07-26 20:16 - 14243008 _____ (Microsoft Corporation) C:\Users\Tu Wei\Desktop\MSEInstall(2).exe
2015-07-26 17:32 - 2015-07-26 17:32 - 00003063 _____ C:\Users\Tu Wei\Desktop\JRT.txt
2015-07-26 17:00 - 2015-07-27 22:27 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 16:59 - 2015-07-26 16:59 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-26 16:59 - 2015-07-26 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-26 16:59 - 2015-07-26 16:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 16:59 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-26 16:59 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-26 16:59 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-26 16:56 - 2015-07-26 16:56 - 02248704 _____ C:\Users\Tu Wei\Desktop\adwcleaner_4.208.exe
2015-07-26 16:56 - 2015-07-26 16:56 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Tu Wei\Desktop\JRT.exe
2015-07-26 16:50 - 2015-07-26 16:50 - 00000000 ____D C:\ProgramData\VIPRE
2015-07-26 16:50 - 2015-07-26 16:50 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-26 16:36 - 2015-07-26 16:36 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-07-26 16:30 - 2015-07-27 18:36 - 00001288 _____ C:\Windows\setupact.log
2015-07-26 16:30 - 2015-07-26 19:44 - 00010778 _____ C:\Windows\PFRO.log
2015-07-26 16:30 - 2015-07-26 16:30 - 00000000 _____ C:\Windows\setuperr.log
2015-07-26 16:27 - 2015-07-26 16:27 - 00000315 _____ C:\0.bak
2015-07-26 16:13 - 2015-07-26 16:23 - 00001142 _____ C:\Users\Tu Wei\Desktop\RegCure Pro.lnk
2015-07-26 16:11 - 2015-07-26 16:12 - 07139680 _____ (ParetoLogic, Inc.) C:\Users\Tu Wei\Downloads\RegCureProSetup_46DF668A-D798-418E-9DEB-A50615112E25_.exe
2015-07-26 04:48 - 2015-07-26 13:56 - 01350649 _____ C:\spyhunter.fix
2015-07-26 04:48 - 2015-07-26 04:48 - 00003258 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-26 04:48 - 2015-04-17 09:11 - 00021888 _____ C:\Windows\SysWOW64\sh4native.exe
2015-07-26 02:37 - 2015-07-26 02:37 - 04704832 _____ (http://www.specialuninstaller.com/ ) C:\Users\Tu Wei\Desktop\WinUninstaller_Setup.exe
2015-07-25 21:55 - 2015-07-25 21:55 - 00003496 _____ C:\Windows\System32\Tasks\snp
2015-07-25 21:55 - 2015-07-25 21:55 - 00003134 _____ C:\Windows\System32\Tasks\snf
2015-07-25 05:41 - 2015-07-25 05:41 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-07-24 19:17 - 2015-07-27 18:34 - 00000000 ____D C:\AdwCleaner
2015-07-24 17:45 - 2015-07-25 21:56 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-24 17:45 - 2015-07-25 21:56 - 00001119 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-24 17:42 - 2015-07-24 17:42 - 41128904 _____ C:\Users\Tu Wei\Downloads\Firefox Setup 39.0.exe
2015-07-24 17:29 - 2015-07-24 20:11 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Fresh Infancy
2015-07-24 17:29 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\Millennials to Snake People
2015-07-24 15:43 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\064c900f-0609-4a40-b403-504f6226b154
2015-07-24 15:43 - 2015-07-24 18:43 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-24 15:42 - 2015-07-24 15:42 - 00000000 _____ C:\Windows\prleth.sys
2015-07-24 15:42 - 2015-07-24 15:42 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-24 15:37 - 2015-07-24 15:37 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\%PRODUCTNAME%
2015-07-24 15:35 - 2015-07-24 17:35 - 00000000 ____D C:\Program Files\Checker
2015-07-24 15:35 - 2015-07-24 15:35 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\CamMonitor1024
2015-07-24 15:33 - 2015-07-24 17:25 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\Chromium
2015-07-24 15:32 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\6cadc468-286c-43a2-9c59-b4ef60557d02
2015-07-24 15:32 - 2009-06-11 05:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-24 15:30 - 2015-07-24 20:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2015-07-22 17:15 - 2015-07-22 17:15 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 09:41 - 2015-07-15 11:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:41 - 2015-07-15 11:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:41 - 2015-07-15 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:41 - 2015-07-15 11:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:41 - 2015-07-15 10:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:41 - 2015-07-15 10:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:41 - 2015-07-15 10:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:41 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:41 - 2015-07-15 09:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:41 - 2015-07-15 09:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-16 09:55 - 2015-07-16 09:55 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\CEF
2015-07-15 12:14 - 2015-07-10 01:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 12:14 - 2015-07-10 01:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 12:14 - 2015-07-10 01:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 12:14 - 2015-07-10 01:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 12:14 - 2015-07-10 01:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 12:14 - 2015-07-10 01:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 12:14 - 2015-06-25 16:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 12:14 - 2015-06-02 08:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:14 - 2015-06-02 07:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 12:13 - 2015-07-03 05:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 12:13 - 2015-07-03 05:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 12:13 - 2015-07-03 04:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 12:13 - 2015-07-03 04:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 12:13 - 2015-07-03 04:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 12:13 - 2015-07-03 04:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 12:13 - 2015-07-03 04:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 12:13 - 2015-07-03 04:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 12:13 - 2015-07-03 04:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 12:13 - 2015-07-03 03:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 12:13 - 2015-07-03 03:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 12:13 - 2015-07-03 02:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 12:13 - 2015-06-27 10:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 12:13 - 2015-06-27 10:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 12:13 - 2015-06-27 09:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 12:13 - 2015-06-27 09:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 12:13 - 2015-06-18 01:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:13 - 2015-06-18 01:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 12:12 - 2015-06-26 02:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 12:12 - 2015-06-26 01:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 12:12 - 2015-06-21 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 12:12 - 2015-06-21 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 12:12 - 2015-06-21 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 12:12 - 2015-06-21 03:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 12:12 - 2015-06-21 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 12:12 - 2015-06-21 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 12:12 - 2015-06-21 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 12:12 - 2015-06-21 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 12:12 - 2015-06-21 03:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 12:12 - 2015-06-21 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 12:12 - 2015-06-21 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 12:12 - 2015-06-21 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 12:12 - 2015-06-21 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 12:12 - 2015-06-21 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 12:12 - 2015-06-21 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 12:12 - 2015-06-21 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 12:12 - 2015-06-21 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 12:12 - 2015-06-21 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 12:12 - 2015-06-21 02:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 12:12 - 2015-06-21 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 12:12 - 2015-06-21 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 12:12 - 2015-06-21 02:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 12:12 - 2015-06-21 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 12:12 - 2015-06-20 02:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 12:12 - 2015-06-20 02:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 12:12 - 2015-06-20 02:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 12:12 - 2015-06-20 02:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 12:12 - 2015-06-20 02:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 12:12 - 2015-06-20 02:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 12:12 - 2015-06-20 02:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 12:12 - 2015-06-20 02:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 12:12 - 2015-06-20 02:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 12:12 - 2015-06-20 02:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 12:12 - 2015-06-20 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 12:12 - 2015-06-20 01:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 12:12 - 2015-06-20 01:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 12:12 - 2015-06-20 01:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 12:12 - 2015-06-20 01:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 12:12 - 2015-06-20 01:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 12:12 - 2015-06-20 01:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 12:12 - 2015-06-20 01:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 12:12 - 2015-06-20 01:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 12:11 - 2015-07-02 04:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 12:11 - 2015-07-02 04:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:11 - 2015-07-02 04:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 12:11 - 2015-07-02 04:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 12:11 - 2015-07-02 04:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 12:11 - 2015-07-02 04:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 12:11 - 2015-07-02 04:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 12:11 - 2015-07-02 04:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 12:11 - 2015-07-02 04:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 12:11 - 2015-07-02 04:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 12:11 - 2015-07-02 04:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 12:11 - 2015-07-02 04:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 12:11 - 2015-07-02 04:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 12:11 - 2015-07-02 03:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 12:11 - 2015-07-02 03:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:11 - 2015-07-02 03:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:10 - 2015-07-10 01:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 12:10 - 2015-07-10 01:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 12:10 - 2015-07-10 01:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 12:10 - 2015-07-10 01:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 12:10 - 2015-07-05 02:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 12:10 - 2015-07-05 01:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 12:10 - 2015-07-02 04:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 12:10 - 2015-07-02 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 12:10 - 2015-07-02 04:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 12:10 - 2015-07-02 04:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 12:10 - 2015-07-02 04:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 12:10 - 2015-06-16 05:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 12:10 - 2015-06-16 05:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 12:10 - 2015-06-16 05:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 12:10 - 2015-06-16 05:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 12:10 - 2015-06-16 05:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 12:10 - 2015-06-16 05:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 12:10 - 2015-06-16 05:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 12:10 - 2015-06-16 05:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 12:10 - 2015-06-16 05:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 12:10 - 2015-06-16 05:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 12:10 - 2015-06-16 05:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 12:10 - 2015-06-16 05:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 12:10 - 2015-04-28 03:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 12:10 - 2015-04-28 03:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 12:10 - 2015-04-28 03:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 12:10 - 2015-04-28 03:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 12:10 - 2015-04-28 03:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 10:37 - 2015-07-23 23:01 - 00683589 _____ C:\Users\Tu Wei\Desktop\13072015.xlsx
2015-07-14 23:48 - 2015-07-15 15:08 - 00009613 _____ C:\Users\Tu Wei\Desktop\Money owed Meiya.xlsx
2015-07-14 15:30 - 2015-07-14 15:30 - 21204992 _____ C:\Users\Tu Wei\Desktop\Copy of TW+price++2015-7-14+xls.xls
2015-07-09 16:25 - 2015-07-14 15:17 - 00073728 _____ C:\Users\Tu Wei\Desktop\Flood light sticker.xls
2015-07-09 16:12 - 2015-07-15 16:18 - 00117760 _____ C:\Users\Tu Wei\Desktop\Copy of label (4).xls
2015-07-06 11:17 - 2015-07-23 22:51 - 00010774 _____ C:\Users\Tu Wei\Desktop\GU10 led.xlsx
2015-07-04 09:59 - 2015-07-26 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 15:10 - 2015-07-16 03:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-01 15:10 - 2015-07-01 15:10 - 00002007 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-01 15:06 - 2015-07-17 09:42 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-06-30 10:04 - 2015-06-30 10:08 - 172688431 _____ C:\Users\Tu Wei\Desktop\20150204_105902.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-27 22:42 - 2012-05-15 04:40 - 00000526 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-27 22:19 - 2015-06-19 21:18 - 00000568 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA.job
2015-07-27 22:09 - 2009-07-14 12:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 22:09 - 2009-07-14 12:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 21:43 - 2012-06-18 15:22 - 01533812 _____ C:\Windows\WindowsUpdate.log
2015-07-27 19:31 - 2012-06-20 10:08 - 00000000 ____D C:\Users\Tu Wei\Documents\Home Champion
2015-07-27 19:19 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-27 18:41 - 2009-07-14 13:13 - 00797850 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 18:38 - 2014-02-03 15:26 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-27 18:37 - 2013-11-13 16:01 - 00000000 ___RD C:\Users\Tu Wei\Dropbox
2015-07-27 18:37 - 2013-11-13 15:52 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Dropbox
2015-07-27 18:36 - 2012-07-31 12:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-27 18:35 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 18:33 - 2012-06-18 17:09 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Skype
2015-07-27 15:18 - 2012-05-15 05:12 - 00000000 ____D C:\ProgramData\Trend Micro
2015-07-27 03:14 - 2012-06-20 12:46 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\vlc
2015-07-27 00:19 - 2015-06-19 21:18 - 00000516 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core.job
2015-07-26 19:36 - 2015-06-19 21:18 - 00003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA
2015-07-26 19:36 - 2015-06-19 21:18 - 00003154 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core
2015-07-26 19:29 - 2012-06-18 15:23 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Macromedia
2015-07-26 16:27 - 2015-01-09 21:00 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-26 16:27 - 2015-01-09 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-26 16:27 - 2014-04-30 23:29 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Media Player Classic
2015-07-26 16:27 - 2014-04-13 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-26 16:27 - 2014-01-17 16:42 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\360CloudWifi
2015-07-26 16:27 - 2013-12-09 22:09 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2015-07-26 16:27 - 2013-07-16 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-07-26 16:27 - 2012-12-29 22:30 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\PMB Files
2015-07-26 16:27 - 2012-12-29 21:28 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-26 16:27 - 2012-08-14 23:00 - 00000000 ____D C:\Program Files (x86)\唾昜蟀蟀艘
2015-07-26 16:27 - 2012-06-30 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-07-26 16:27 - 2012-06-22 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-07-26 16:27 - 2012-06-18 17:44 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-07-26 16:27 - 2012-06-18 16:32 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\uTorrent
2015-07-26 16:27 - 2012-06-18 15:23 - 00000000 ____D C:\Users\Tu Wei
2015-07-26 16:27 - 2012-05-15 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuthenTec TrueSuite
2015-07-26 16:27 - 2012-05-15 04:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet 無線
2015-07-26 16:27 - 2011-02-11 06:48 - 00000000 ____D C:\Windows\Panther
2015-07-26 16:27 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2015-07-26 16:27 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\tracing
2015-07-26 14:05 - 2012-08-14 22:56 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-07-26 06:34 - 2015-01-09 21:00 - 00000000 ____D C:\Program Files\WinRAR
2015-07-26 03:10 - 2015-01-09 21:08 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-26 03:10 - 2015-01-09 21:08 - 00000000 ____D C:\Program Files\CCleaner
2015-07-25 21:56 - 2012-06-18 15:24 - 00000979 _____ C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 13:55 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 20:39 - 2015-03-13 20:54 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-24 20:11 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PLA
2015-07-24 20:09 - 2015-01-05 09:17 - 00000000 ____D C:\Program Files (x86)\67b4ec9f-169e-4279-8279-b240c9fab477
2015-07-24 19:22 - 2012-09-16 17:18 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-24 17:55 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-24 17:50 - 2012-06-18 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-24 17:48 - 2012-08-14 22:56 - 00025136 _____ (Trend Micro Inc.) C:\Windows\DCEBoot64.exe
2015-07-24 17:31 - 2013-07-16 22:14 - 00000000 ____D C:\Windows\Minidump
2015-07-24 17:24 - 2009-07-14 10:34 - 00000580 _____ C:\Windows\win.ini
2015-07-24 15:34 - 2012-05-15 04:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 15:34 - 2012-05-15 04:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-24 15:34 - 2012-05-15 04:40 - 00003464 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 20:23 - 2012-08-02 22:30 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\Trend Micro
2015-07-22 17:07 - 2009-07-14 12:45 - 00444928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 09:44 - 2014-04-13 17:37 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 09:44 - 2012-05-15 04:22 - 00000000 ____D C:\Program Files\Java
2015-07-16 21:50 - 2013-11-15 15:21 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-07-16 21:50 - 2013-11-15 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-07-16 04:26 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:34 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 03:34 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:33 - 2014-12-13 20:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:33 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 03:13 - 2012-06-18 19:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 03:09 - 2013-07-16 22:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 03:02 - 2014-12-30 09:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-06 13:30 - 2012-06-18 17:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-06 13:30 - 2012-05-15 05:10 - 00000000 ____D C:\ProgramData\Skype
2015-07-05 18:08 - 2010-11-21 11:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-05 08:40 - 2014-12-05 22:31 - 00000000 __SHD C:\Users\Tu Wei\AppData\Local\EmieBrowserModeList
2015-07-05 08:40 - 2014-04-22 21:02 - 00000000 __SHD C:\Users\Tu Wei\AppData\Local\EmieUserList
2015-07-05 08:40 - 2014-04-22 21:02 - 00000000 __SHD C:\Users\Tu Wei\AppData\Local\EmieSiteList
2015-07-03 08:43 - 2012-06-21 08:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 16:55 - 2012-06-18 16:20 - 00000000 ____D C:\Users\Tu Wei\AppData\Roaming\Adobe
2015-07-01 15:46 - 2014-08-19 09:56 - 00000000 ____D C:\Users\Tu Wei\AppData\Local\Adobe
2015-07-01 15:10 - 2012-05-15 04:44 - 00000000 ____D C:\ProgramData\Adobe
2015-07-01 15:10 - 2012-05-15 04:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-01 15:09 - 2012-06-18 17:05 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-01 15:09 - 2012-06-18 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2012-12-29 22:36 - 2012-12-29 23:18 - 2097152000 _____ () C:\Program Files (x86)\GarenaTWLoL_Install_121212.1.dat
2012-12-29 22:35 - 2012-12-29 23:18 - 795893315 _____ () C:\Program Files (x86)\GarenaTWLoL_Install_121212.2.dat
2012-12-30 00:20 - 2012-12-30 00:20 - 0000012 _____ () C:\Program Files (x86)\locale.properties
2015-07-26 16:13 - 2015-07-26 17:01 - 0000115 _____ () C:\Users\Tu Wei\AppData\Roaming\LogFile.txt
2013-12-09 22:03 - 2013-12-09 22:03 - 0000036 _____ () C:\Users\Tu Wei\AppData\Local\housecall.guid.cache
2014-04-12 22:30 - 2014-04-13 00:04 - 0000600 _____ () C:\Users\Tu Wei\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Tu Wei\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxwqclk.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 00:10

==================== End of log ============================


----------



## dvk01 (Dec 14, 2002)

You have 2 active antiviruses
Trend & MSE
I suggest you un install MSE and keep trend 
reboot then 
Download attached *fixlist.txt* file and save it to your desktop.

*NOTE.* It's important that both files, *FRST/FRST64* and *fixlist.txt *are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST/FRST64* and press the *Fix* button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


----------



## hexagon (Aug 13, 2005)

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Tu Wei at 2015-07-28 18:41:38 Run:2
Running from C:\Users\Tu Wei\Desktop
Loaded Profiles: Tu Wei (Available Profiles: Tu Wei)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AppInit_DLLs: C:\ProgramData\ExtTag\nivfh4zr.dll => C:\ProgramData\ExtTag\nivfh4zr.dll File not found
AppInit_DLLs-x32: C:\ProgramData\ExtTag\mk21qu1w.dll => "C:\ProgramData\ExtTag\mk21qu1w.dll" File not found
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\win\system32dll.exe,
C:\Windows\system32\win\system32dll.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
Snap.Do Engine (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\{b597cadb-3cba-4cb4-876a-28ff6992798a}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION
Task: {02525070-0BC8-406A-BC6D-480EFA1BB45F} - System32\Tasks\snf => \e4fbamcd.exe
C:\ProgramData\ExtTag
Task: {912828AD-75A4-439E-91F9-86D7DC9EC980} - System32\Tasks\SpyHunter4Startup => C:\Users\TUWEI~1\AppData\Local\Temp\RarSFX0\SpyHunter4.exe <==== ATTENTION
Task: {B5E43993-DF8C-4662-870E-836C7A85D2A7} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {C325F7BE-94E6-4381-8B6E-867E94867BD2} - System32\Tasks\snp => C:\ProgramData\ExtTag\e4fbamcd.exe
Task: {F5530F5D-86AA-4FAE-B868-81E20C26FADC} - \ProPCCleaner_Start No Task File <==== ATTENTION
2015-07-25 21:55 - 2015-07-25 21:55 - 00003496 _____ C:\Windows\System32\Tasks\snp
2015-07-25 21:55 - 2015-07-25 21:55 - 00003134 _____ C:\Windows\System32\Tasks\snf
EmptyTemp:

*****************

"C:\ProgramData\ExtTag\nivfh4zr.dll" => value data not found.
"C:\ProgramData\ExtTag\mk21qu1w.dll" => value data not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"C:\Windows\system32\win\system32dll.exe" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
Snap.Do Engine (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\{b597cadb-3cba-4cb4-876a-28ff6992798a}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02525070-0BC8-406A-BC6D-480EFA1BB45F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02525070-0BC8-406A-BC6D-480EFA1BB45F}" => key removed successfully
C:\Windows\System32\Tasks\snf => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf" => key removed successfully
"C:\ProgramData\ExtTag" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{912828AD-75A4-439E-91F9-86D7DC9EC980}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{912828AD-75A4-439E-91F9-86D7DC9EC980}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5E43993-DF8C-4662-870E-836C7A85D2A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5E43993-DF8C-4662-870E-836C7A85D2A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C325F7BE-94E6-4381-8B6E-867E94867BD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C325F7BE-94E6-4381-8B6E-867E94867BD2}" => key removed successfully
C:\Windows\System32\Tasks\snp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5530F5D-86AA-4FAE-B868-81E20C26FADC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5530F5D-86AA-4FAE-B868-81E20C26FADC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"C:\Windows\System32\Tasks\snp" => File/Folder not found.
"C:\Windows\System32\Tasks\snf" => File/Folder not found.
EmptyTemp: => 111.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:41:58 ====


----------



## dvk01 (Dec 14, 2002)

how is it now


----------



## hexagon (Aug 13, 2005)

Hi Derek,

Nothing has changed.

The only right working browser on startup is Chrome. IE still has searchfinder as startup page and Firefox has file:///C:/ProgramData/ExtTags/snp.sc on startup

Snap.do engine cannot be uninstalled still


----------



## dvk01 (Dec 14, 2002)

reset FF to default 
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

reset IE to default 
http://windows.microsoft.com/en-gb/internet-explorer/reset-ie-settings#ie=ie-11

that should cure it


----------



## hexagon (Aug 13, 2005)

I did as instructed above, but problem remains the same.

Snap.do is also still there. I saw in IE before searchfinder popped up as main page that it went to feed.snapdo first. Maybe that helps?


----------



## dvk01 (Dec 14, 2002)

lets see if we can fix it with this then 
Download *OTS.exe *to your Desktop 

Close any open browsers.
If your Real protection or Antivirus intervenes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Files Age* drop down box click *60* 
in the *Additional scans sections* please select * Everything *and make sure safe list box is checked
Now on the toolbar at the top select "Scan all users" then click the *Run Scan* button
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
the log will be too large to post, use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## hexagon (Aug 13, 2005)

Here you go

Snap do has been installed on my computer since jan 5th 2015 (just for your information)


----------



## dvk01 (Dec 14, 2002)

Start *OTS*. Copy/Paste the information in the Code box below into the pane where it says *"Paste fix here"* and then click the Run Fix button.


```
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: SearchURL\\"Default" -> http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
YN -> HKEY_CURRENT_USER\: SearchURL\\"Default" -> http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQPeJLw6p6MZnqyGC1rZ27rNU-zakdq0KDxJTbY0vVtb4UnS3BcqwnmWWBr-46ZdA_gBz1ZQ22Ti9yfnuVVB1lUVddgsZ2J1rdhgbCxk1VoBo14luP7CdN2DlklqFKE27xC-i0CrOfEt-3CG&q={searchTerms}
[Registry - Additional Scans - Safe List]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> ExtTag -> Reg Error: Value error. [Reg Error: Value error.]
YN -> fsquirt.exe -> Reg Error: Value error. [Reg Error: Value error.]
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> {b597cadb-3cba-4cb4-876a-28ff6992798a} -> Snap.Do Engine
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. *Post that information back here *.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.


----------



## hexagon (Aug 13, 2005)

Snap.Do seems to be gone from my software and features after the fix

Search safefinder is still there on my IE startpage
file:///C:/ProgramData/ExtTags/snp.sc also still there on Firefox startpage

Report after OST fix please see below:

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\\Default deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ExtTag\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\fsquirt.exe\ deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tu Wei
->Temp folder emptied: 69571 bytes
->Temporary Internet Files folder emptied: 1401398 bytes
->Java cache emptied: 307406 bytes
->FireFox cache emptied: 8370274 bytes
->Google Chrome cache emptied: 5103549 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 836 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4927488 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 633 bytes
RecycleBin emptied: 186965062 bytes

Total Files Cleaned = 198.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tu Wei
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tu Wei
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 07302015_052201

Files\Folders moved on Reboot...
C:\Users\Tu Wei\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Tu Wei\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000689C171E5FD012D5BF not found!

Registry entries deleted on Reboot...


----------



## dvk01 (Dec 14, 2002)

I have no more ideas how to cure this 
can you do a screenshot showing the items because they just don't appear in any of the logs


----------



## hexagon (Aug 13, 2005)

Hi Derek,

The screen shots were taken on startup of the 2 browsers.

If you ran out of ideas, don't worry about it. You did a great job already. Thank you


----------



## dvk01 (Dec 14, 2002)

With firefox, the only thing that I can think of is you have a "dodgy" shortcut starting it 
right click the shortcut on desktop & select properties/shortcut
look in properties box & copy all the contents of that box & paste it back here


----------



## hexagon (Aug 13, 2005)

This is the target: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" %SNF%
Start in: "C:\Program Files (x86)\Mozilla Firefox"


----------



## dvk01 (Dec 14, 2002)

remove the %SNF% so all that shows is "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"


----------



## dvk01 (Dec 14, 2002)

Then lets check the same for IE
see what it's shortcut shows


----------



## hexagon (Aug 13, 2005)

I had the same thing in IE but then with %SNP% instead of %SNF% in FF. I removed both the suffix in the shortcut and also reset the 2 browsers with the same results as before


----------



## dvk01 (Dec 14, 2002)

run frst again please and make sure you select additions.tx in options 
I need to see if something is either reversing the fixes or adding the snp/snf tasks back again 
I suspect something is adding the tasks on reboot


----------



## hexagon (Aug 13, 2005)

There you go


----------



## dvk01 (Dec 14, 2002)

I cannot see anything there and I have no idea what is causing the problems

I cannot see any cure for it


----------



## hexagon (Aug 13, 2005)

No problem Derek

Thanks for the help


----------

