Log analysis and evaluation: TR/CoinMiner.J on Windows 8.1 cannot be removed.

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

TR/CoinMiner.J on Windows 8.1 cannot be removed.

Hello. German is not my native language, so I apologize in advance for anything unclear. After I ran an installation file (source: the Internet), Avira reports TR/CoinMiner.J. I was able to move the affected file to quarantine and then delete it, but the problem was still there after every restart. The message did not appear when I ran the PC without an Internet connection. My attempts to solve the problem myself with Malwarebytes and AdwCleaner failed. The required log files are listed in this order:

- defogger
- FRST64 (FRST)
- FRST64 (Addition)
- Gmer (problem during the scan. Error message: C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.)
- MBAM (first scan)
- MBAM (rescan after deleting the detections and restarting)
- AdwCleaner

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 04:45 on 01/06/2015 (Tianhe)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Tianhe (administrator) on TLIU-PC on 01-06-2015 04:48:21
Running from C:\Users\Tianhe\Desktop
Loaded Profiles: Tianhe & (Available Profiles: Tianhe)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.)
C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\schtasks.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor) HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics) HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] () HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.) HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink) HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] () HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Atheros Communications) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [uTorrent] => C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.) 
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [BaiduYunGuanjia] => D:\Programme (x86)\BaiduYunGuanjia\BaiduYunGuanjia.exe [4646344 2014-08-22] () HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-05-25] (Blizzard Entertainment) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\...\MountPoints2: {13c25ee8-dae3-11e3-bf23-dc85de75e14e} - "F:\setup.exe" HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Tianhe\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.) 
HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BaiduYunGuanjia] => D:\Programme (x86)\BaiduYunGuanjia\BaiduYunGuanjia.exe [4646344 2014-08-22] () HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-05-25] (Blizzard Entertainment) HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {13c25ee8-dae3-11e3-bf23-dc85de75e14e} - "F:\setup.exe" AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com HKU\S-1-5-21-1146134481-3092128511-1725324078-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Tianhe\AppData\Roaming\Mozilla\Firefox\Profiles\8oKzF9rg.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> D:\Programme (x86)\BaiduYunGuanjia\npYunWebDetect.dll [2014-08-22] (Baidu.com, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File FF Plugin-x32: @show.sina.com.cn/SHOWSSO -> C:\Program Files (x86)\sina\SinaUcChatRoom\npSHOWLoginSSOAxCtrl.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002: ubisoft.com/uplaypc -> D:\Programme (x86)\Tom Clancy`s H.A.W.X. 2\Tom Clancy's H.A.W.X. 2\orbit\npuplaypc.dll No File FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File FF Plugin HKU\S-1-5-21-1146134481-3092128511-1725324078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> D:\Programme (x86)\Tom Clancy`s H.A.W.X. 2\Tom Clancy's H.A.W.X. 
2\orbit\npuplaypc.dll No File FF Extension: Avira Browser Safety - C:\Users\Tianhe\AppData\Roaming\Mozilla\Firefox\Profiles\8oKzF9rg.default\Extensions\abs@avira.com [2015-03-02] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-22] CHR Extension: (YouTube) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-22] CHR Extension: (Google Search) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-22] CHR Extension: (iCloud Bookmarks) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-26] CHR Extension: (AdBlock) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-10] CHR Extension: (Bookmark Manager) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Google Wallet) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\Tianhe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-22] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services 
(Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink) R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.) 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U0 abststwx; C:\Windows\System32\drivers\bnim.sys [79064 2015-06-01] (Malwarebytes Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-04-23] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-14] (Disc Soft Ltd) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-04-23] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-01 04:48 - 2015-06-01 04:48 - 00028947 _____ () C:\Users\Tianhe\Desktop\FRST.txt 2015-06-01 04:47 - 2015-06-01 04:48 - 00000000 ____D () C:\FRST 2015-06-01 04:46 - 2015-06-01 04:46 - 02108928 _____ (Farbar) C:\Users\Tianhe\Desktop\FRST64.exe 2015-06-01 04:45 - 2015-06-01 04:45 - 00000474 _____ () C:\Users\Tianhe\Desktop\defogger_disable.log 2015-06-01 04:45 - 2015-06-01 04:45 - 00000000 _____ () C:\Users\Tianhe\defogger_reenable 2015-06-01 04:44 - 2015-06-01 04:44 - 00050477 _____ () C:\Users\Tianhe\Desktop\Defogger.exe 2015-06-01 04:43 - 2015-06-01 04:43 - 00000000 ____D () C:\Users\Tianhe\Documents\The Witcher 3 2015-06-01 04:40 - 2015-05-28 05:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2015-06-01 04:38 - 2015-05-28 09:04 - 42719888 _____ () C:\WINDOWS\system32\nvcompiler.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 37741712 _____ () C:\WINDOWS\SysWOW64\nvcompiler.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2015-06-01 04:38 - 2015-05-28 09:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 01898312 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvdispco6435306.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2015-06-01 04:38 - 2015-05-28 09:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2015-06-01 04:32 - 2015-06-01 04:32 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\bnim.sys 2015-06-01 04:06 - 2015-06-01 04:14 - 00000000 ____D () C:\AdwCleaner 2015-06-01 04:03 - 2015-06-01 04:03 - 02231296 _____ () C:\Users\Tianhe\Desktop\AdwCleaner_4.206.exe 2015-06-01 03:35 - 2015-06-01 04:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-01 03:33 - 2015-06-01 03:33 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-01 03:33 - 2015-06-01 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-01 03:33 - 2015-06-01 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-01 03:33 - 2015-06-01 03:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-01 03:33 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-06-01 
03:33 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-01 03:33 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-01 03:25 - 2015-06-01 03:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tianhe\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-01 02:15 - 2015-06-01 02:15 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Origin 2015-05-31 22:56 - 2015-05-31 22:56 - 00000000 ____D () C:\Users\Tianhe\Desktop\[秀人网]美媛馆 2015-04-08 丽莉Lily丶 2015-05-31 21:21 - 2015-05-31 21:22 - 18506455 _____ (WizBrother) C:\Users\Tianhe\Desktop\超次元海王星精华攻略宝典.exe 2015-05-29 12:31 - 2015-05-29 12:34 - 16187468 _____ () C:\Users\Tianhe\Desktop\315.rar 2015-05-29 01:19 - 2015-06-01 04:40 - 00000000 ____D () C:\WINDOWS\LastGood 2015-05-29 01:19 - 2015-06-01 04:39 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-05-29 01:19 - 2015-04-03 15:21 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2015-05-29 01:19 - 2015-04-03 15:21 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2015-05-25 15:57 - 2015-05-29 01:37 - 00000000 ____D () C:\Users\Tianhe\AppData\Local\NVIDIA 2015-05-25 15:57 - 2015-05-29 01:19 - 00001399 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2015-05-25 15:57 - 2015-05-25 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-05-25 15:57 - 2015-05-23 03:47 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-05-25 15:57 - 2015-05-23 03:47 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-05-25 15:57 - 2015-05-23 03:47 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-05-25 15:57 - 2015-05-23 03:47 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-05-25 15:56 - 2015-05-25 15:57 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2015-05-25 
15:55 - 2015-05-28 09:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-05-25 15:55 - 2015-05-28 09:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2015-05-25 15:55 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2015-05-25 15:55 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2015-05-25 15:55 - 2015-05-12 08:27 - 15048816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETD6E5.tmp 2015-05-25 15:55 - 2015-05-12 08:27 - 02971776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETB961.tmp 2015-05-25 15:55 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435286.dll 2015-05-25 15:55 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435286.dll 2015-05-19 11:42 - 2015-05-22 02:18 - 00000000 ____D () C:\Users\Tianhe\Documents\Windward 2015-05-17 11:20 - 2015-05-17 11:22 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\MoreTerra 2015-05-17 11:20 - 2015-05-17 11:20 - 00152543 _____ () C:\Users\Tianhe\Desktop\MoreTerra.zip 2015-05-17 11:20 - 2015-05-17 11:20 - 00000000 ____D () C:\Users\Tianhe\Desktop\MoreTerra 2015-05-13 17:29 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:29 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:09 - 2015-05-16 02:38 - 00184250 _____ () C:\Users\Tianhe\Desktop\Tap Titans v2.2.2 Online Spreadsheet.xlsx.xlsx 2015-05-13 01:01 - 2015-05-13 01:01 - 00051314 _____ () C:\Users\Tianhe\Desktop\Builder2.6.4.zip 2015-05-12 23:16 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-05-12 23:16 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-05-12 23:16 - 2015-04-10 02:11 
- 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-12 23:16 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-12 23:16 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-12 23:16 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-12 23:16 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-05-12 23:16 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-05-12 23:16 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-05-12 23:16 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-05-12 23:16 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-05-12 23:16 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-05-12 23:15 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-05-12 23:15 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-05-12 23:15 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-05-12 23:15 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-05-12 23:15 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-05-12 23:15 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-05-12 23:15 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-05-12 23:15 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-05-12 23:15 - 2015-04-21 
18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-05-12 23:15 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-12 23:15 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-12 23:15 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-12 23:15 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-05-12 23:15 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-05-12 23:15 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-05-12 23:15 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-05-12 23:15 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-12 23:15 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-05-12 23:15 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-05-12 23:15 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-05-12 23:15 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-05-12 23:15 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-12 23:15 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-05-12 23:15 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-05-12 23:15 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-05-12 23:15 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-12 23:15 - 2015-04-21 17:37 - 00128000 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-12 23:15 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-12 23:15 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-12 23:15 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-12 23:15 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-12 23:15 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-05-12 23:15 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-12 23:15 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-12 23:15 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-12 23:15 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-12 23:15 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-05-12 23:15 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-05-12 23:15 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-05-12 23:15 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-12 23:15 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-05-12 23:15 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-05-12 23:15 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-12 23:15 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-12 23:15 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-12 23:15 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-05-12 23:15 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-05-12 23:15 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-05-12 23:15 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-05-12 23:15 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-05-12 23:15 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-05-12 23:15 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-05-12 23:15 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-05-12 23:15 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-05-12 23:15 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-05-12 23:15 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-05-12 23:15 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-05-12 23:15 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-05-12 23:15 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-05-12 23:15 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-05-12 23:15 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-12 23:15 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-05-12 23:15 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wevtsvc.dll 2015-05-12 23:15 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-05-12 23:15 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-05-12 23:15 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-12 23:15 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-05-07 00:12 - 2015-05-07 01:46 - 00000000 ____D () C:\Users\Tianhe\Documents\Endless Legend 2015-05-05 14:09 - 2015-05-05 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 04:47 - 2012-12-23 00:41 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-06-01 04:45 - 2013-11-11 06:23 - 00000000 ____D () C:\Users\Tianhe 2015-06-01 04:45 - 2012-12-22 15:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1146134481-3092128511-1725324078-1002 2015-06-01 04:41 - 2013-11-11 06:16 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-06-01 04:41 - 2013-11-11 06:15 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-06-01 04:41 - 2012-12-22 16:29 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-01 04:40 - 2013-08-22 16:46 - 00342298 _____ () C:\WINDOWS\setupact.log 2015-06-01 04:38 - 2013-11-11 06:16 - 01437616 _____ () C:\WINDOWS\WindowsUpdate.log 2015-06-01 04:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-06-01 04:32 - 2014-02-12 14:10 - 00000000 ___HD () C:\WINDOWS\PIF 2015-06-01 04:22 - 2013-09-30 06:14 - 02467344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-01 04:22 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-06-01 04:22 - 2013-09-30 05:56 
- 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-06-01 04:22 - 2012-12-22 18:15 - 00522396 _____ () C:\WINDOWS\system32\prfh0804.dat 2015-06-01 04:22 - 2012-12-22 18:15 - 00165966 _____ () C:\WINDOWS\system32\prfc0804.dat 2015-06-01 04:16 - 2012-12-22 19:34 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-06-01 04:16 - 2012-12-22 15:47 - 00000401 _____ () C:\Users\Tianhe\AppData\Roaming\sp_data.sys 2015-06-01 04:15 - 2013-11-11 06:44 - 00000000 ___DO () C:\Users\Tianhe\SkyDrive 2015-06-01 04:15 - 2013-09-29 21:04 - 00467704 _____ () C:\WINDOWS\PFRO.log 2015-06-01 04:15 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-06-01 04:15 - 2012-12-22 16:29 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-01 04:14 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-06-01 04:11 - 2012-12-25 05:08 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\Orbit 2015-06-01 04:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-06-01 02:47 - 2013-01-18 22:40 - 00000000 ____D () C:\Users\Tianhe\Desktop\Games 2015-06-01 02:41 - 2013-12-22 16:30 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F80EB9B7-B900-415A-8276-36BD2D9568C6} 2015-06-01 02:15 - 2014-12-01 16:42 - 00000000 ____D () C:\ProgramData\Origin 2015-06-01 02:10 - 2012-12-22 19:13 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\uTorrent 2015-05-31 12:59 - 2012-12-22 19:10 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\vlc 2015-05-30 10:52 - 2013-01-01 01:47 - 02170880 ___SH () C:\Users\Tianhe\Desktop\Thumbs.db 2015-05-29 01:28 - 2013-01-01 01:46 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\Skype 2015-05-29 01:11 - 2012-12-26 05:20 - 00000000 ____D () C:\Users\Tianhe\Documents\My Games 2015-05-29 01:11 - 2012-11-12 18:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-28 09:04 - 2013-11-11 06:16 - 00112968 _____ (Khronos Group) 
C:\WINDOWS\system32\OpenCL.dll 2015-05-28 09:04 - 2013-11-11 06:16 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-05-28 09:04 - 2013-09-05 03:37 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2015-05-28 09:04 - 2013-09-05 03:36 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2015-05-28 09:04 - 2013-09-05 03:36 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-05-28 09:04 - 2013-09-05 03:36 - 00030966 _____ () C:\WINDOWS\system32\nvinfo.pb 2015-05-28 09:04 - 2013-09-05 03:35 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2015-05-28 06:15 - 2013-11-11 06:16 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-05-28 06:15 - 2013-11-11 06:16 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-05-28 06:15 - 2013-11-11 06:16 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-05-28 06:15 - 2013-11-11 06:16 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-05-28 06:15 - 2013-11-11 06:16 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-05-28 06:15 - 2013-11-11 06:16 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-05-27 12:48 - 2014-05-27 00:57 - 04408727 _____ () C:\WINDOWS\system32\nvcoproc.bin 2015-05-26 19:10 - 2012-12-22 19:10 - 00000000 ___RD () C:\Users\Tianhe\Desktop\Application 2015-05-25 15:57 - 2014-04-24 22:53 - 00000000 ____D () C:\Users\Tianhe\AppData\Local\NVIDIA Corporation 2015-05-25 15:57 - 2013-11-11 06:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-05-25 15:57 - 2013-11-11 06:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-05-25 15:53 - 2013-08-22 16:44 - 00491904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-25 15:29 - 2014-04-24 22:37 - 00000000 ____D () C:\ProgramData\Oracle 2015-05-25 15:28 - 2014-10-17 12:08 - 00000000 ____D () C:\Program Files 
(x86)\Java 2015-05-25 15:27 - 2014-10-17 12:08 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-05-25 15:13 - 2013-12-21 14:55 - 00000000 ____D () C:\Users\Tianhe\AppData\Local\Battle.net 2015-05-25 11:43 - 2015-03-06 23:43 - 00000000 ____D () C:\Users\Tianhe\AppData\Roaming\TS3Client 2015-05-25 11:40 - 2013-12-21 14:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2015-05-25 11:34 - 2013-01-23 12:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft II 2015-05-25 11:33 - 2013-12-21 14:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-05-20 15:50 - 2015-04-05 00:11 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-05-20 15:50 - 2015-04-05 00:11 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-05-20 15:50 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-16 23:36 - 2012-12-22 16:29 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-16 23:36 - 2012-12-22 16:29 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 18:12 - 2012-08-17 02:52 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-15 18:01 - 2013-01-01 01:45 - 00000000 ____D () C:\ProgramData\Skype 2015-05-13 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-05-13 18:01 - 2013-03-14 03:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-13 18:01 - 2013-03-14 03:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 17:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-13 17:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-05-13 17:29 - 2013-02-14 22:16 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 17:28 - 2013-07-24 09:42 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-05-13 17:23 - 2012-12-22 16:14 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-05-13 
17:22 - 2013-03-14 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 17:21 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-13 08:52 - 2015-01-22 23:46 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2015-05-12 08:27 - 2013-09-05 03:37 - 17540416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SETB823.tmp 2015-05-12 08:27 - 2013-09-05 03:36 - 15858728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SETAADF.tmp 2015-05-12 08:27 - 2013-09-05 03:36 - 12849056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETC5F9.tmp 2015-05-12 08:27 - 2013-09-05 03:35 - 03363224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SETA03B.tmp 2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-05 14:08 - 2015-03-02 18:39 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-05-05 14:08 - 2015-03-02 18:39 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-09-22 23:36 - 2014-09-22 23:36 - 1177208 _____ () C:\Users\Tianhe\AppData\Roaming\AndyCleanupTool.exe
2014-09-22 23:36 - 2014-09-22 23:36 - 1176696 _____ () C:\Users\Tianhe\AppData\Roaming\AndyCleanVM.exe
2012-12-22 15:47 - 2015-06-01 04:16 - 0000401 _____ () C:\Users\Tianhe\AppData\Roaming\sp_data.sys
2014-05-16 01:20 - 2014-05-20 12:11 - 0000067 _____ () C:\Users\Tianhe\AppData\Roaming\yyinif.ini
2014-05-15 23:16 - 2014-05-27 01:02 - 0007609 _____ () C:\Users\Tianhe\AppData\Local\Resmon.ResmonCfg
2012-08-17 02:52 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 02:52 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\Tianhe\AppData\Local\Temp\AutoRun.exe
C:\Users\Tianhe\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tianhe\AppData\Local\Temp\avgnt.exe
C:\Users\Tianhe\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Tianhe\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Tianhe\AppData\Local\Temp\eauninstall.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tianhe\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Tianhe\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Tianhe\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tianhe\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tianhe\AppData\Local\Temp\nvStInst.exe
C:\Users\Tianhe\AppData\Local\Temp\Quarantine.exe
C:\Users\Tianhe\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tianhe\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Tianhe\AppData\Local\Temp\sqlite3.dll
C:\Users\Tianhe\AppData\Local\Temp\unins000.exe
C:\Users\Tianhe\AppData\Local\Temp\utt12EE.tmp.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Tianhe\AppData\Local\Temp\Wildstar.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-31 12:31

==================== End of log ============================

Edited by Tianhe Liu (01.06.2015 at 05:00)