
dllhost.exe com surrogate Issue


  • This topic is locked
24 replies to this topic

#1 Xavierwan


Posted 03 June 2014 - 05:24 AM

Hi,

I am currently having an issue with the dllhost.exe COM Surrogate on a Windows 7 machine, which is consuming 25% of the CPU and makes my PC very slow, and I keep getting alerts from McAfee that the firewall has been turned off.

I have tried many antivirus/malware programs with no success.

Here are the FRST and Addition logs below. Thanks in advance for any help!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 03-06-2014 17:29:45
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(xiami) C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BitTorrent Inc.) C:\Users\Xavier\AppData\Roaming\BitTorrent\BitTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Farbar) C:\Users\Xavier\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [BitTorrent] => C:\Users\Xavier\AppData\Roaming\BitTorrent\BitTorrent.exe [1238864 2014-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8888;https=127.0.0.1:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\searchplugins\Speedial.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-26]

Chrome:
=======
CHR HomePage: hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
CHR StartupUrls: "hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir="
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (No Name) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-11]
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (No Name) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-07-12]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 XMusicServer; C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe [1587400 2013-12-16] (xiami)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:30 - 2014-06-03 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-03 17:29 - 2014-06-03 17:32 - 00032372 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-03 17:30 - 00000000 ____D () C:\FRST
2014-06-03 17:28 - 2014-06-03 17:28 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64(1).exe
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:14 - 2014-06-03 09:14 - 00015412 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:58 - 2014-06-03 17:24 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 08:58 - 2014-06-03 17:24 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 08:57 - 2014-06-03 08:57 - 00000304 _____ () C:\Windows\PFRO.log
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-03 08:53 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:42 - 2014-06-03 08:42 - 01327971 _____ () C:\Users\Xavier\Downloads\adwcleaner_3.211.exe
2014-06-03 08:37 - 2014-06-03 08:37 - 11568296 _____ (Elex do Brasil Participações Ltda) C:\Users\Xavier\Downloads\yet_another_cleaner_dne.exe
2014-06-03 08:26 - 2014-06-03 08:26 - 01243655 _____ () C:\Users\Xavier\Downloads\ProcessExplorer.zip
2014-06-03 08:19 - 2014-06-03 08:19 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 08:07 - 2014-06-03 08:07 - 00000000 ____D () C:\Users\Xavier\Downloads\zoek
2014-06-03 08:05 - 2014-06-03 08:05 - 04235784 _____ () C:\Users\Xavier\Downloads\zoek.rar
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00001853 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 07:27 - 2014-06-03 17:23 - 00000840 _____ () C:\Windows\setupact.log
2014-06-02 07:27 - 2014-06-02 07:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 12:58 - 2014-06-02 23:18 - 00000000 ____D () C:\Users\Xavier\Downloads\國模~楊依[23MOV3.17G]
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-03 09:25 - 00085452 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-26 19:57 - 2014-05-26 20:06 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 08:18 - 2014-05-31 10:36 - 1880215890 ____R () C:\Users\Xavier\Downloads\[HD]SW-261.avi
2014-05-25 21:17 - 2014-05-25 21:21 - 00000000 ____D () C:\Users\Xavier\Downloads\第一會所新片@SIS001@(SWITCH)(SW-259)一人暮らしの僕の隣に越してきたボイン姉妹。巨乳の谷間が寂しい僕のチ○コを誘ってくるので辛抱たまらん!!
2014-05-25 21:14 - 2014-05-31 10:02 - 1513802283 ____R () C:\Users\Xavier\Downloads\SPRD-728,.mp4
2014-05-25 21:12 - 2014-05-26 08:13 - 3212145227 ____R () C:\Users\Xavier\Downloads\[FHD]mdyd-898.mkv
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 22:19 - 2014-05-24 10:17 - 2541015649 ____R () C:\Users\Xavier\Downloads\hunt843B,.wmv
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-21 23:29 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Xavier\Downloads\DSKM-102
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 16:52 - 2014-05-31 13:27 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-910
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieUserList
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieSiteList
2014-05-08 08:00 - 2014-05-08 08:00 - 36060610 _____ () C:\Users\Xavier\Downloads\[AnonDB.org]samantha_ong_ammy_s_sex_tape.rar
2014-05-08 07:38 - 2014-05-13 16:33 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-07 07:56 - 2014-05-07 07:56 - 47963363 _____ () C:\Users\Xavier\Downloads\AdorkableRawr (5).flv
2014-05-07 07:54 - 2014-05-07 07:54 - 26337881 _____ () C:\Users\Xavier\Downloads\webcam 09.mp4
2014-05-07 07:50 - 2014-05-07 07:50 - 41276298 _____ () C:\Users\Xavier\Downloads\480P_600k_25096452.mp4
2014-05-06 23:57 - 2014-05-15 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-03 17:32 - 2014-06-03 17:29 - 00032372 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:32 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:30 - 2014-06-03 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-03 17:30 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-03 17:29 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-03 17:28 - 2014-06-03 17:28 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64(1).exe
2014-06-03 17:24 - 2014-06-03 08:58 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 17:24 - 2014-06-03 08:58 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 17:24 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 17:24 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-03 17:24 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 17:24 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-03 17:23 - 2014-06-02 07:27 - 00000840 _____ () C:\Windows\setupact.log
2014-06-03 17:23 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 17:23 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 09:25 - 2014-05-31 16:15 - 00085452 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:14 - 2014-06-03 09:14 - 00015412 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-03 09:14 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 09:14 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 09:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:57 - 2014-06-03 08:57 - 00000304 _____ () C:\Windows\PFRO.log
2014-06-03 08:53 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:42 - 2014-06-03 08:42 - 01327971 _____ () C:\Users\Xavier\Downloads\adwcleaner_3.211.exe
2014-06-03 08:37 - 2014-06-03 08:37 - 11568296 _____ (Elex do Brasil Participações Ltda) C:\Users\Xavier\Downloads\yet_another_cleaner_dne.exe
2014-06-03 08:35 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 08:26 - 2014-06-03 08:26 - 01243655 _____ () C:\Users\Xavier\Downloads\ProcessExplorer.zip
2014-06-03 08:19 - 2014-06-03 08:19 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:17 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 08:07 - 2014-06-03 08:07 - 00000000 ____D () C:\Users\Xavier\Downloads\zoek
2014-06-03 08:05 - 2014-06-03 08:05 - 04235784 _____ () C:\Users\Xavier\Downloads\zoek.rar
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-02 23:43 - 2014-06-02 23:43 - 00001853 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 23:18 - 2014-06-01 12:58 - 00000000 ____D () C:\Users\Xavier\Downloads\國模~楊依[23MOV3.17G]
2014-06-02 07:27 - 2014-06-02 07:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:27 - 2014-05-13 16:52 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-910
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 10:36 - 2014-05-26 08:18 - 1880215890 ____R () C:\Users\Xavier\Downloads\[HD]SW-261.avi
2014-05-31 10:02 - 2014-05-25 21:14 - 1513802283 ____R () C:\Users\Xavier\Downloads\SPRD-728,.mp4
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-27 06:29 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-05-26 20:07 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-26 20:06 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-26 08:13 - 2014-05-25 21:12 - 3212145227 ____R () C:\Users\Xavier\Downloads\[FHD]mdyd-898.mkv
2014-05-25 21:21 - 2014-05-25 21:17 - 00000000 ____D () C:\Users\Xavier\Downloads\第一會所新片@SIS001@(SWITCH)(SW-259)一人暮らしの僕の隣に越してきたボイン姉妹。巨乳の谷間が寂しい僕のチ○コを誘ってくるので辛抱たまらん!!
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-24 10:17 - 2014-05-23 22:19 - 2541015649 ____R () C:\Users\Xavier\Downloads\hunt843B,.wmv
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-21 23:43 - 2014-05-21 23:29 - 00000000 ____D () C:\Users\Xavier\Downloads\DSKM-102
2014-05-21 18:04 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:56 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-09 14:14 - 2014-05-15 09:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 14:11 - 2014-05-15 09:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieUserList
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieSiteList
2014-05-08 08:00 - 2014-05-08 08:00 - 36060610 _____ () C:\Users\Xavier\Downloads\[AnonDB.org]samantha_ong_ammy_s_sex_tape.rar
2014-05-07 07:56 - 2014-05-07 07:56 - 47963363 _____ () C:\Users\Xavier\Downloads\AdorkableRawr (5).flv
2014-05-07 07:54 - 2014-05-07 07:54 - 26337881 _____ () C:\Users\Xavier\Downloads\webcam 09.mp4
2014-05-07 07:50 - 2014-05-07 07:50 - 41276298 _____ () C:\Users\Xavier\Downloads\480P_600k_25096452.mp4
2014-05-07 07:29 - 2013-11-26 15:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 07:29 - 2013-11-26 15:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 23:42 - 2010-11-26 08:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA
2014-05-06 23:42 - 2010-11-26 08:53 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core
2014-05-06 12:40 - 2014-05-15 09:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 12:17 - 2014-05-15 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 11:25 - 2014-05-15 09:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 11:07 - 2014-05-15 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 11:00 - 2014-05-15 09:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 10:10 - 2014-05-15 09:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2010-06-19 03:05 - 93223848 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Xavier\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 17:53

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Xavier at 2014-06-03 17:33:25
Running from C:\Users\Xavier\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alipay security control 3.7.0.0 (x32 Version: 3.7.0.0 - Alipay.com Co., Ltd.) Hidden
AlipayDHC 1.1.0.0 (x32 Version: 1.1.0.0 - Alipay.com Co., Ltd.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.7.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.8.0.5 - Canon Inc.)
Canon SELPHY CP780 (HKLM\...\Canon SELPHY CP780) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.0.1.5 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.0.0 (HKLM-x32\...\SELPHY Print Contents 100) (Version: 1.0.0.8 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.2.33 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.1.10 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.4.11327 - Blizzard Entertainment)
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.41.0000 - Shanda Games International)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
iFunbox (v2.6.2375.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.6.2375.747 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
支付宝安全控件 3.22.0.0 (HKLM-x32\...\alieditplus) (Version: 3.22.0.0 - Alipay.com Co., Ltd.)
Opera Next 18.0.1284.26 (HKLM-x32\...\Opera 18.0.1284.26) (Version: 18.0.1284.26 - Opera Software ASA)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photomatix Pro version 3.2.7 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.7 - HDRsoft Sarl)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
PocketWizard Utility (HKLM-x32\...\{B8D5132A-0E69-4EDC-B4CB-8C13E0B75865}) (Version: 1.35 - LPA Design)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
ProShow Plugins for Lightroom (HKLM-x32\...\ProShow Plugins for Lightroom) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Anansi (HKLM-x32\...\{58AA0670-2352-424B-BE5F-CF59EDD07EA0}) (Version: 1.05.04 - Razer USA Ltd.)
Razer Anansi Firmware Updater (HKLM-x32\...\{1A2AADF0-6832-4471-8A15-EB068B7DC9F1}) (Version: 1.02.03 - Razer USA Ltd.)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Razer Imperator Firmware Updater (HKLM-x32\...\{D9292112-253F-438D-B1AB-432E5A1FE1B5}) (Version: 1.16.00 - Razer USA Ltd.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeTransaction 5.10.0.0 (x32 Version: 5.10.0.0 - Alipay.com Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.49.1000 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Windows 7 Codec Pack 3.4.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 3.4.0 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)

==================== Restore Points  =========================

02-06-2014 15:12:55 Installed QuickTime 7
02-06-2014 15:42:33 McAfee Vulnerability Scanner

==================== Hosts content: ==========================

2010-06-20 03:40 - 2010-06-20 10:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {1DAE4070-3BD6-4FA6-8272-1990C47A1183} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2B165DDC-7021-4997-BB61-128AB358D408} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {4E5515AE-C858-416A-9E0F-13AC85BB8D05} - System32\Tasks\auto shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {524DAB8A-3B07-4DF5-B6D0-211D28B21364} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {61C10D8E-AB3A-48DA-98AB-EC899938B40B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {622379C4-767C-4569-9E0F-4E3A08450191} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6E637F4D-CB25-4968-9865-FFC6EC16C24A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {7FBA6396-FC70-4345-9515-92C115E55933} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8C83E7EB-773E-4078-BA06-4C045CF3A011} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {8C99B018-C281-4F49-A4CD-121819ED5534} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9ADEE012-4786-47E2-95C0-9CE162AAC4AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {9D1CD1B6-EC6E-4BA3-9218-EA7EFF5F722A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AE5E121C-71F6-4E9D-9CD5-17CF419C66C2} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-07-23] (PC Tools)
Task: {B0ECA1C8-6AC4-47F7-924B-CB367BE4E55A} - System32\Tasks\PC shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {B4CDBAAC-812C-4576-BD69-08F8AADA9CAC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BE4867D3-1445-4779-A1F2-8691A72DF98A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C0758E40-AE18-4282-8AC1-F966E0EA5FA1} - System32\Tasks\AdobeAAMUpdater-1.0-Xavier-PC-Xavier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {C4E8939A-50F9-4B49-80A7-F9E1EAF1D0AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {C5916752-8F95-4FF9-A48C-481EE0BFA920} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {C7BE2B8F-50B4-4B8E-AFB3-4CFB4E1C753A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {D314192E-059E-47EA-88E7-E88A50E19F86} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\real\realplayer\update\realsched.exe [2013-12-21] (RealNetworks, Inc.)
Task: {E1BB9C8E-4707-416A-A4F5-4AA9729A86F9} - System32\Tasks\Google Updater and Installer => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {EA0D917A-EC94-49A9-9C02-75EED3AEF32B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {F4BD8612-3B20-45EA-B6C5-4D02790BA142} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-06-03 13:11 - 2013-08-10 04:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 22:01 - 2014-02-12 22:01 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\cf2f71599d9d7f8b91695683eb030cb1\VistaBridgeLibrary.ni.dll
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-05-16 23:41 - 2014-05-16 23:41 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-15 11:48 - 2014-05-15 11:48 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SELPHY Photo Print Launcher.lnk => C:\Windows\pss\SELPHY Photo Print Launcher.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter =>
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Razer Anansi Driver => C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
MSCONFIG\startupreg: Razer Imperator Driver => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 05:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0xbbc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 05:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x1bd4
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 05:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x19e8
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 05:25:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x78c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 09:24:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x5dc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 09:19:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x4d8
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 09:18:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x9dc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3


System errors:
=============
Error: (06/03/2014 05:32:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/03/2014 05:31:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/03/2014 05:31:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 05:31:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/03/2014 05:31:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Home Network service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 05:31:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error:
%%1056

Error: (06/03/2014 05:30:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 05:30:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 05:30:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 05:30:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/03/2014 05:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae400000150000000000023799bbc01cf7f0e7333f872C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.execbc8cf44-eb01-11e3-932b-b8ac6fa665a0

Error: (06/03/2014 05:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237991bd401cf7f0e308ad6e6C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe9dc301d7-eb01-11e3-932b-b8ac6fa665a0

Error: (06/03/2014 05:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae40000015000000000002379919e801cf7f0de6d8e8e5C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe6d20f44b-eb01-11e3-932b-b8ac6fa665a0

Error: (06/03/2014 05:25:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae40000015000000000002379978c01cf7f0d88ea5b70C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe087090f9-eb01-11e3-932b-b8ac6fa665a0

Error: (06/03/2014 09:24:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237995dc01cf7eca8f7a529eC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exed6ff7044-eabd-11e3-b802-b8ac6fa665a0

Error: (06/03/2014 09:19:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237994d801cf7ec9d7c60aaaC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe26f570f1-eabd-11e3-b802-b8ac6fa665a0

Error: (06/03/2014 09:18:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237999dc01cf7ec9a1d1e230C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exef7cf1b7d-eabc-11e3-b802-b8ac6fa665a0


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 3959.12 MB
Available physical RAM: 1339.28 MB
Total Pagefile: 7916.41 MB
Available Pagefile: 5171.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:260.69 GB) (Free:20.64 GB) NTFS
Drive i: (Censored Movies N-Z) (Fixed) (Total:931.48 GB) (Free:2.75 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:195.31 GB) (Free:19.82 GB) NTFS
Drive k: (Itunes Medias) (Fixed) (Total:596.17 GB) (Free:186.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=261 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195 GB) - (Type=OF Extended)

========================================================
Disk: 5 (Size: 931 GB) (Disk ID: AAFD8C80)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 596 GB) (Disk ID: 0124982C)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


 


#2 Xavierwan


Posted 03 June 2014 - 06:43 AM

Hi,

While waiting for your assistance I tried a few software tools to remove some malware. The issue of dllhost.exe COM Surrogate on a Windows 7 machine, which is consuming a lot of the CPU, seems to have improved, but I still keep getting the alert from McAfee that the firewall has been turned off. Please help to check what's wrong. Thanks.

Below is the updated FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 03-06-2014 20:52:57
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(xiami) C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BitTorrent Inc.) C:\Users\Xavier\AppData\Roaming\BitTorrent\BitTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [BitTorrent] => C:\Users\Xavier\AppData\Roaming\BitTorrent\BitTorrent.exe [1238864 2014-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8888;https=127.0.0.1:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir="
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 XMusicServer; C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe [1587400 2013-12-16] (xiami)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 20:52 - 2014-06-03 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-03 20:22 - 2014-06-03 20:47 - 00000618 _____ () C:\Windows\PFRO.log
2014-06-03 20:22 - 2014-06-03 20:47 - 00000336 _____ () C:\Windows\setupact.log
2014-06-03 20:22 - 2014-06-03 20:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:56 - 2014-06-03 20:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-03 17:34 - 00040179 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-03 20:54 - 00032584 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-03 20:53 - 00000000 ____D () C:\FRST
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:58 - 2014-06-03 20:47 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 08:58 - 2014-06-03 20:47 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-03 20:45 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:42 - 2014-06-03 08:42 - 01327971 _____ () C:\Users\Xavier\Downloads\adwcleaner_3.211.exe
2014-06-03 08:19 - 2014-06-03 08:19 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 08:07 - 2014-06-03 08:07 - 00000000 ____D () C:\Users\Xavier\Downloads\zoek
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 12:58 - 2014-06-02 23:18 - 00000000 ____D () C:\Users\Xavier\Downloads\國模~楊依[23MOV3.17G]
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-03 20:52 - 00135168 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-26 19:57 - 2014-05-26 20:06 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 08:18 - 2014-05-31 10:36 - 1880215890 ____R () C:\Users\Xavier\Downloads\[HD]SW-261.avi
2014-05-25 21:17 - 2014-05-25 21:21 - 00000000 ____D () C:\Users\Xavier\Downloads\第一會所新片@SIS001@(SWITCH)(SW-259)一人暮らしの僕の隣に越してきたボイン姉妹。巨乳の谷間が寂しい僕のチ○コを誘ってくるので辛抱たまらん!!
2014-05-25 21:14 - 2014-05-31 10:02 - 1513802283 ____R () C:\Users\Xavier\Downloads\SPRD-728,.mp4
2014-05-25 21:12 - 2014-05-26 08:13 - 3212145227 ____R () C:\Users\Xavier\Downloads\[FHD]mdyd-898.mkv
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 22:19 - 2014-05-24 10:17 - 2541015649 ____R () C:\Users\Xavier\Downloads\hunt843B,.wmv
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-21 23:29 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Xavier\Downloads\DSKM-102
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 16:52 - 2014-05-31 13:27 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-910
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieUserList
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieSiteList
2014-05-08 08:00 - 2014-05-08 08:00 - 36060610 _____ () C:\Users\Xavier\Downloads\[AnonDB.org]samantha_ong_ammy_s_sex_tape.rar
2014-05-08 07:38 - 2014-05-13 16:33 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-07 07:56 - 2014-05-07 07:56 - 47963363 _____ () C:\Users\Xavier\Downloads\AdorkableRawr (5).flv
2014-05-07 07:54 - 2014-05-07 07:54 - 26337881 _____ () C:\Users\Xavier\Downloads\webcam 09.mp4
2014-05-07 07:50 - 2014-05-07 07:50 - 41276298 _____ () C:\Users\Xavier\Downloads\480P_600k_25096452.mp4
2014-05-06 23:57 - 2014-05-15 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-03 20:54 - 2014-06-03 17:29 - 00032584 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 20:54 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-03 20:53 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-03 20:52 - 2014-06-03 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-03 20:52 - 2014-05-31 16:15 - 00135168 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 20:52 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-03 20:49 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 20:47 - 2014-06-03 20:22 - 00000618 _____ () C:\Windows\PFRO.log
2014-06-03 20:47 - 2014-06-03 20:22 - 00000336 _____ () C:\Windows\setupact.log
2014-06-03 20:47 - 2014-06-03 08:58 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 20:47 - 2014-06-03 08:58 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 20:47 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 20:47 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-03 20:47 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 20:47 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-03 20:47 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 20:47 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 20:45 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-03 20:39 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-03 20:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 20:30 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 20:30 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 20:22 - 2014-06-03 20:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 20:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 19:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 19:32 - 2010-06-19 21:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-03 19:32 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:34 - 2014-06-03 17:33 - 00040179 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:42 - 2014-06-03 08:42 - 01327971 _____ () C:\Users\Xavier\Downloads\adwcleaner_3.211.exe
2014-06-03 08:19 - 2014-06-03 08:19 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 08:07 - 2014-06-03 08:07 - 00000000 ____D () C:\Users\Xavier\Downloads\zoek
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 23:18 - 2014-06-01 12:58 - 00000000 ____D () C:\Users\Xavier\Downloads\國模~楊依[23MOV3.17G]
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:27 - 2014-05-13 16:52 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-910
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 10:36 - 2014-05-26 08:18 - 1880215890 ____R () C:\Users\Xavier\Downloads\[HD]SW-261.avi
2014-05-31 10:02 - 2014-05-25 21:14 - 1513802283 ____R () C:\Users\Xavier\Downloads\SPRD-728,.mp4
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-27 06:29 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-05-26 20:07 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-26 20:06 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-26 08:13 - 2014-05-25 21:12 - 3212145227 ____R () C:\Users\Xavier\Downloads\[FHD]mdyd-898.mkv
2014-05-25 21:21 - 2014-05-25 21:17 - 00000000 ____D () C:\Users\Xavier\Downloads\第一會所新片@SIS001@(SWITCH)(SW-259)一人暮らしの僕の隣に越してきたボイン姉妹。巨乳の谷間が寂しい僕のチ○コを誘ってくるので辛抱たまらん!!
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-24 10:17 - 2014-05-23 22:19 - 2541015649 ____R () C:\Users\Xavier\Downloads\hunt843B,.wmv
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-21 23:43 - 2014-05-21 23:29 - 00000000 ____D () C:\Users\Xavier\Downloads\DSKM-102
2014-05-21 18:04 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:56 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 14:14 - 2014-05-15 09:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 14:11 - 2014-05-15 09:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieUserList
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieSiteList
2014-05-08 08:00 - 2014-05-08 08:00 - 36060610 _____ () C:\Users\Xavier\Downloads\[AnonDB.org]samantha_ong_ammy_s_sex_tape.rar
2014-05-07 07:56 - 2014-05-07 07:56 - 47963363 _____ () C:\Users\Xavier\Downloads\AdorkableRawr (5).flv
2014-05-07 07:54 - 2014-05-07 07:54 - 26337881 _____ () C:\Users\Xavier\Downloads\webcam 09.mp4
2014-05-07 07:50 - 2014-05-07 07:50 - 41276298 _____ () C:\Users\Xavier\Downloads\480P_600k_25096452.mp4
2014-05-07 07:29 - 2013-11-26 15:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 07:29 - 2013-11-26 15:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 23:42 - 2010-11-26 08:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA
2014-05-06 23:42 - 2010-11-26 08:53 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core
2014-05-06 12:40 - 2014-05-15 09:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 12:17 - 2014-05-15 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 11:25 - 2014-05-15 09:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 11:07 - 2014-05-15 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 11:00 - 2014-05-15 09:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 10:10 - 2014-05-15 09:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2010-06-19 03:05 - 93223848 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Xavier\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 17:53

==================== End Of Log ============================

 

And the Additional Scan log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Xavier at 2014-06-03 20:55:14
Running from C:\Users\Xavier\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alipay security control 3.7.0.0 (x32 Version: 3.7.0.0 - Alipay.com Co., Ltd.) Hidden
AlipayDHC 1.1.0.0 (x32 Version: 1.1.0.0 - Alipay.com Co., Ltd.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.7.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.8.0.5 - Canon Inc.)
Canon SELPHY CP780 (HKLM\...\Canon SELPHY CP780) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.0.1.5 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.0.0 (HKLM-x32\...\SELPHY Print Contents 100) (Version: 1.0.0.8 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.2.33 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.1.10 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.4.11327 - Blizzard Entertainment)
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.41.0000 - Shanda Games International)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
iFunbox (v2.6.2375.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.6.2375.747 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
支付宝安全控件 3.22.0.0 (HKLM-x32\...\alieditplus) (Version: 3.22.0.0 - Alipay.com Co., Ltd.)
Opera Next 18.0.1284.26 (HKLM-x32\...\Opera 18.0.1284.26) (Version: 18.0.1284.26 - Opera Software ASA)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photomatix Pro version 3.2.7 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.7 - HDRsoft Sarl)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
PocketWizard Utility (HKLM-x32\...\{B8D5132A-0E69-4EDC-B4CB-8C13E0B75865}) (Version: 1.35 - LPA Design)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
ProShow Plugins for Lightroom (HKLM-x32\...\ProShow Plugins for Lightroom) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Anansi (HKLM-x32\...\{58AA0670-2352-424B-BE5F-CF59EDD07EA0}) (Version: 1.05.04 - Razer USA Ltd.)
Razer Anansi Firmware Updater (HKLM-x32\...\{1A2AADF0-6832-4471-8A15-EB068B7DC9F1}) (Version: 1.02.03 - Razer USA Ltd.)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Razer Imperator Firmware Updater (HKLM-x32\...\{D9292112-253F-438D-B1AB-432E5A1FE1B5}) (Version: 1.16.00 - Razer USA Ltd.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeTransaction 5.10.0.0 (x32 Version: 5.10.0.0 - Alipay.com Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.49.1000 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Windows 7 Codec Pack 3.4.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 3.4.0 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)

==================== Restore Points  =========================

02-06-2014 15:12:55 Installed QuickTime 7
02-06-2014 15:42:33 McAfee Vulnerability Scanner
03-06-2014 09:36:12 Windows Update

==================== Hosts content: ==========================

2010-06-20 03:40 - 2010-06-20 10:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {2B165DDC-7021-4997-BB61-128AB358D408} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {4E5515AE-C858-416A-9E0F-13AC85BB8D05} - System32\Tasks\auto shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {524DAB8A-3B07-4DF5-B6D0-211D28B21364} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {622379C4-767C-4569-9E0F-4E3A08450191} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6E637F4D-CB25-4968-9865-FFC6EC16C24A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {7FBA6396-FC70-4345-9515-92C115E55933} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8C83E7EB-773E-4078-BA06-4C045CF3A011} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {8C99B018-C281-4F49-A4CD-121819ED5534} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9ADEE012-4786-47E2-95C0-9CE162AAC4AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {9B2289D6-A169-4170-A2F8-11273C6F9C36} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9D1CD1B6-EC6E-4BA3-9218-EA7EFF5F722A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AE5E121C-71F6-4E9D-9CD5-17CF419C66C2} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-07-23] (PC Tools)
Task: {B0A899A3-BE33-4FE9-BB11-1ECEDF249C4E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B0ECA1C8-6AC4-47F7-924B-CB367BE4E55A} - System32\Tasks\PC shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {B4CDBAAC-812C-4576-BD69-08F8AADA9CAC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BE4867D3-1445-4779-A1F2-8691A72DF98A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C0758E40-AE18-4282-8AC1-F966E0EA5FA1} - System32\Tasks\AdobeAAMUpdater-1.0-Xavier-PC-Xavier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {C4E8939A-50F9-4B49-80A7-F9E1EAF1D0AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {C5916752-8F95-4FF9-A48C-481EE0BFA920} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {C7BE2B8F-50B4-4B8E-AFB3-4CFB4E1C753A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {D314192E-059E-47EA-88E7-E88A50E19F86} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\real\realplayer\update\realsched.exe [2013-12-21] (RealNetworks, Inc.)
Task: {E1BB9C8E-4707-416A-A4F5-4AA9729A86F9} - System32\Tasks\Google Updater and Installer => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {EA0D917A-EC94-49A9-9C02-75EED3AEF32B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {F4BD8612-3B20-45EA-B6C5-4D02790BA142} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-06-03 13:11 - 2013-08-10 04:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 22:01 - 2014-02-12 22:01 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\cf2f71599d9d7f8b91695683eb030cb1\VistaBridgeLibrary.ni.dll
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-05-16 23:41 - 2014-05-16 23:41 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SELPHY Photo Print Launcher.lnk => C:\Windows\pss\SELPHY Photo Print Launcher.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter =>
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Razer Anansi Driver => C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
MSCONFIG\startupreg: Razer Imperator Driver => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 08:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x12c4
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 08:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x1fc0
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 08:50:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0xa60
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/03/2014 08:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x5f4
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3


System errors:
=============
Error: (06/03/2014 08:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 08:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 08:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 08:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/03/2014 08:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Home Network service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 08:53:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error:
%%1056

Error: (06/03/2014 08:53:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Platform Services service, but this action failed with the following error:
%%1056

Error: (06/03/2014 08:52:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/03/2014 08:52:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/03/2014 08:52:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/03/2014 08:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae40000015000000000002379912c401cf7f2ab398a165C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe0760f913-eb1e-11e3-bd18-b8ac6fa665a0

Error: (06/03/2014 08:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237991fc001cf7f2a75968c6cC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exee3146a42-eb1d-11e3-bd18-b8ac6fa665a0

Error: (06/03/2014 08:50:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae400000150000000000023799a6001cf7f2a421d7df2C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeb28bcd57-eb1d-11e3-bd18-b8ac6fa665a0

Error: (06/03/2014 08:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237995f401cf7f29f1d51e0cC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe52ff7629-eb1d-11e3-bd18-b8ac6fa665a0


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 3959.12 MB
Available physical RAM: 1564.91 MB
Total Pagefile: 7916.41 MB
Available Pagefile: 5114.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:260.69 GB) (Free:20.23 GB) NTFS
Drive i: (Censored Movies N-Z) (Fixed) (Total:931.48 GB) (Free:2.75 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:195.31 GB) (Free:19.82 GB) NTFS
Drive k: (Itunes Medias) (Fixed) (Total:596.17 GB) (Free:186.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=261 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195 GB) - (Type=OF Extended)

========================================================
Disk: 5 (Size: 931 GB) (Disk ID: AAFD8C80)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 596 GB) (Disk ID: 0124982C)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


Edited by Xavierwan, 03 June 2014 - 08:00 AM.


#3 Xavierwan


Posted 08 June 2014 - 05:24 AM

Not sure if anyone is assisting me with this issue..

Anyway below is the updated FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 08-06-2014 18:22:39
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8888;https=127.0.0.1:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 18:22 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-08 13:45 - 2014-06-08 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-07 21:02 - 2014-06-07 21:02 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-07 19:23 - 2014-06-08 13:41 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-07 19:20 - 2014-06-08 13:32 - 00000504 _____ () C:\Windows\setupact.log
2014-06-07 19:20 - 2014-06-07 19:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-07 10:59 - 2014-06-07 11:27 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-07 10:50 - 2014-06-07 11:29 - 1657096989 ____R () C:\Users\Xavier\Downloads\MADM-005.mp4
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:36 - 2014-06-06 18:41 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:40 - 2014-06-06 16:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-07 20:49 - 00002218 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-05 22:04 - 2014-06-05 23:40 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 22:00 - 2014-06-06 00:08 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:56 - 2014-06-08 14:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-05 07:02 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-08 18:22 - 00032053 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-08 18:22 - 00000000 ____D () C:\FRST
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:58 - 2014-06-08 13:41 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-07 20:46 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:19 - 2014-06-08 18:22 - 02072576 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-08 13:36 - 00304741 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-26 19:57 - 2014-05-26 20:06 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4

==================== One Month Modified Files and Folders =======

2014-06-08 18:23 - 2014-06-03 17:29 - 00032053 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-08 18:23 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-08 18:22 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-08 18:22 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-08 18:22 - 2014-06-03 08:19 - 02072576 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-08 18:18 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-08 18:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 17:57 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-08 17:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-08 17:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 15:26 - 2014-05-31 16:15 - 00304741 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 14:13 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 13:45 - 2014-06-08 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-08 13:41 - 2014-06-07 19:23 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-08 13:41 - 2014-06-03 08:58 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-08 13:41 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-08 13:41 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-08 13:40 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 13:40 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-08 13:39 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:39 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:32 - 2014-06-07 19:20 - 00000504 _____ () C:\Windows\setupact.log
2014-06-08 13:32 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-08 13:32 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 21:06 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 21:02 - 2014-06-07 21:02 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-07 20:49 - 2014-06-06 16:37 - 00002218 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-07 20:46 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-07 19:20 - 2014-06-07 19:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-07 11:29 - 2014-06-07 10:50 - 1657096989 ____R () C:\Users\Xavier\Downloads\MADM-005.mp4
2014-06-07 11:27 - 2014-06-07 10:59 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-06 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:41 - 2014-06-06 18:36 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:41 - 2014-06-06 16:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-06 00:08 - 2014-06-05 22:00 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-05 23:40 - 2014-06-05 22:04 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 07:02 - 2014-06-03 17:33 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 19:32 - 2010-06-19 21:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-03 19:32 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-27 06:29 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-05-26 20:07 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-26 20:06 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-21 18:04 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 14:14 - 2014-05-15 09:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 14:11 - 2014-05-15 09:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-08 14:08

==================== End Of Log ============================



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • Gender:Male
  • Local time:05:40 AM

Posted 08 June 2014 - 05:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536445 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Xavierwan

Xavierwan
  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:40 PM

Posted 08 June 2014 - 06:52 PM

Hi,

Below is the DDS log file. Thanks.

Also, I do not have the original Windows CD, as it was pre-installed when I got the system.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Xavier at 7:40:59 on 2014-06-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.3959.1939 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\PROGRA~2\mcafee\siteadvisor\saui.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:8888;https=127.0.0.1:8888
uProxyOverride = <-loopback>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - LocalServer32 - <no file>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Xavier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: dell.com
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxps://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 218.186.2.16 218.186.2.6 202.156.1.16
TCP: Interfaces\{256578E5-030D-4DE8-983C-BDEA60562F07} : DHCPNameServer = 203.116.1.94 203.116.254.150
TCP: Interfaces\{E194CD79-39D7-4951-9925-DC580CBE4F5C} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{F56C2265-015C-49A0-8719-8C5B69628C43} : DHCPNameServer = 218.186.2.16 218.186.2.6 202.156.1.16
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\mcsniepl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.sg/
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\aliedit\3.7.0.0\npalidcp.dll
FF - plugin: C:\Windows\System32\aliedit\3.7.0.0\npaliedit.dll
FF - plugin: C:\Windows\System32\aliedit\3.7.0.0\npAliSecCtrl.dll
FF - plugin: C:\Windows\System32\aliedit\3.7.0.0\npAliSecCtrl64.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-3-17 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-4-3 346760]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-17 55280]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-18 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-18 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-6-30 140672]
R2 AlipaySecSvc;Alipay security service;C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [2014-3-7 540032]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-3 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-3 860472]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-5-26 178528]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-26 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-26 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-5-26 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-5-26 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-5-26 189912]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-10-4 63488]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-28 21009352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-9-1 793088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-15 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-9 413472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-5-15 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-16 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-16 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-6 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-3 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-3 63704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-4-3 311856]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-4-3 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-14 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-14 40392]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-10-11 166400]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-26 328928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-26 328928]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-26 328928]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-5-26 328928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-9-27 31920]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-4-3 70592]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-8 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-5-26 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-30 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2014-1-10 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-13 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-22 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-23 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-19 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-06-06 10:54:24    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-06-06 09:50:46    --------    d-----w-    C:\Program Files (x86)\ESET
2014-06-06 09:02:06    --------    d-----w-    C:\ProgramData\RogueKiller
2014-06-06 08:45:17    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{25A67FB9-FFDD-401F-A4B7-C71756823622}\mpengine.dll
2014-06-03 11:32:40    --------    d-----w-    C:\Program Files\McAfee Security Scan
2014-06-03 09:56:42    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-03 09:53:36    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-03 09:53:36    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-03 09:53:35    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 09:29:38    --------    d-----w-    C:\FRST
2014-06-03 01:05:30    --------    d-----w-    C:\Windows\ERUNT
2014-06-03 00:52:49    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-06-03 00:43:55    --------    d-----w-    C:\AdwCleaner
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-06-02 15:43:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-05-26 12:07:17    197704    ----a-w-    C:\Windows\System32\drivers\HipShieldK.sys
2014-05-26 12:05:39    --------    d-----w-    C:\Program Files (x86)\McAfee.com
2014-05-26 12:03:31    --------    d-----w-    C:\Program Files\McAfee.com
2014-05-26 11:58:30    189912    ----a-w-    C:\Windows\System32\mfevtps.exe
2014-05-26 11:57:18    --------    d-----w-    C:\Program Files\Common Files\McAfee
2014-05-26 11:43:19    --------    d-----w-    C:\Program Files (x86)\MSECache
2014-05-24 12:25:47    --------    d-----w-    C:\Roxio
2014-05-24 00:31:20    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-05-24 00:31:20    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-05-23 08:13:47    --------    d-----w-    C:\Windows\rescache
2014-05-23 00:42:33    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-05-23 00:42:33    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-05-19 23:11:00    --------    d-----w-    C:\NVIDIA Corporation
2014-05-19 22:41:08    1885472    ----a-w-    C:\Windows\System32\nvdispco6433523.dll
2014-05-19 22:41:08    1516488    ----a-w-    C:\Windows\System32\nvdispgenco6433523.dll
2014-05-15 03:25:44    --------    d-----w-    C:\Program Files (x86)\Common Files\postureAgent
2014-05-15 03:25:19    --------    d-----w-    C:\Intel
2014-05-15 01:53:26    --------    d-----w-    C:\ProgramData\PC-Doctor for Windows
2014-05-15 01:53:26    --------    d-----w-    C:\Program Files\Dell Support Center
2014-05-15 01:53:04    --------    d-----w-    C:\Program Files\My Dell
2014-05-15 01:50:49    --------    d-----w-    C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 01:47:26    --------    d-----w-    C:\Users\Xavier\AppData\Local\Apps
2014-05-15 01:47:25    --------    d-----w-    C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 01:43:17    --------    d-----w-    C:\Users\Xavier\AppData\Local\Dell
2014-05-15 01:22:43    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-15 01:22:43    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-15 01:18:01    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-15 01:17:59    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-15 01:14:59    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-14 15:49:48    40392    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-05-14 15:49:48    34760    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-13 14:44:33    --------    d-----w-    C:\Windows\en
.
==================== Find3M  ====================
.
2014-05-15 03:48:36    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 03:48:36    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-11 23:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-30 18:29:25    1081112    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03    1225920    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-04-14 12:13:43    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-03 09:23:54    70592    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2014-04-03 09:16:04    346760    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2014-04-03 09:10:34    784760    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2014-04-03 09:08:04    522360    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2014-04-03 09:06:04    311856    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2014-04-03 09:03:32    177544    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
2014-03-31 16:42:42    37320    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-03-31 13:41:40    58568    ----a-w-    C:\Windows\SysWow64\sirenacm.dll
2014-03-31 13:34:22    322248    ----a-w-    C:\Windows\WLXPGSS.SCR
2014-03-31 01:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-17 23:09:16    11336    ----a-w-    C:\Windows\System32\drivers\mfeclnrk.sys
2014-03-17 23:08:50    96592    ----a-w-    C:\Windows\System32\drivers\mfencrk.sys
2014-03-17 23:08:26    441264    ----a-w-    C:\Windows\System32\drivers\mfencbdc.sys
2014-02-15 16:16:12    49940480    ----a-w-    C:\Program Files (x86)\GUTC200.tmp
.
============= FINISH:  7:41:12.10 ===============
 



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:40 AM

Posted 10 June 2014 - 02:25 AM

Hello and welcome on board, Xavierwan,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 Xavierwan

Xavierwan
  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:40 PM

Posted 10 June 2014 - 05:18 AM

Hi Machiavelli,

Thanks for your time and help.

FYI, while waiting for your assistance I have used software which was mentioned here and also others such as rkill, tdsskiller, ESET Online Scanner.

They have detected and quarantined some malware. The multiple COM_Surrogate issue slowing down the PC seems to have improved, but I still constantly get alerts from my McAfee that the Firewall has been turned off, thus I am not sure if the issue has been resolved or it has gone into hiding mode.

Following are the requested logs.

 

Step 1 AdwCleaner Log

# AdwCleaner v3.212 - Report created 10/06/2014 at 17:20:45
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Xavier - XAVIER-PC
# Running from : C:\Users\Xavier\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7601 octets] - [03/06/2014 08:52:26]
AdwCleaner[R10].txt - [1855 octets] - [06/06/2014 17:38:04]
AdwCleaner[R11].txt - [1976 octets] - [07/06/2014 20:46:14]
AdwCleaner[R12].txt - [2037 octets] - [09/06/2014 23:56:42]
AdwCleaner[R13].txt - [2102 octets] - [10/06/2014 17:19:47]
AdwCleaner[R1].txt - [1396 octets] - [03/06/2014 20:18:36]
AdwCleaner[R2].txt - [1139 octets] - [03/06/2014 20:44:09]
AdwCleaner[R3].txt - [1259 octets] - [04/06/2014 15:24:31]
AdwCleaner[R4].txt - [1320 octets] - [05/06/2014 06:56:01]
AdwCleaner[R5].txt - [1916 octets] - [06/06/2014 00:26:01]
AdwCleaner[R6].txt - [1976 octets] - [06/06/2014 00:34:13]
AdwCleaner[R7].txt - [1554 octets] - [06/06/2014 00:38:47]
AdwCleaner[R8].txt - [1614 octets] - [06/06/2014 00:54:48]
AdwCleaner[R9].txt - [1734 octets] - [06/06/2014 01:12:06]
AdwCleaner[S0].txt - [7559 octets] - [03/06/2014 08:53:18]
AdwCleaner[S1].txt - [1465 octets] - [03/06/2014 20:19:59]
AdwCleaner[S2].txt - [1201 octets] - [03/06/2014 20:44:57]
AdwCleaner[S3].txt - [2043 octets] - [06/06/2014 00:35:35]
AdwCleaner[S4].txt - [1675 octets] - [06/06/2014 00:55:22]
AdwCleaner[S5].txt - [1795 octets] - [06/06/2014 01:12:33]
AdwCleaner[S6].txt - [1916 octets] - [06/06/2014 17:39:00]
AdwCleaner[S7].txt - [2022 octets] - [10/06/2014 17:20:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2082 octets] ##########

 

Step 2 Mbam log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/6/2014
Scan Time: 5:29:19 PM
Logfile: Mbam log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.02
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Xavier

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292846
Time Elapsed: 17 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Step 3 JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Xavier on Tue 10/06/2014 at 17:50:08.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/06/2014 at 17:59:29.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 4: FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 10-06-2014 18:04:18
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8888;https=127.0.0.1:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-10-04] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 17:59 - 2014-06-10 17:59 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-10 17:48 - 2014-06-10 17:49 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT(1).exe
2014-06-10 17:28 - 2014-06-10 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-10 17:23 - 2014-06-10 17:23 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 17:21 - 2014-06-10 17:21 - 00000314 _____ () C:\Windows\PFRO.log
2014-06-10 17:18 - 2014-06-10 17:19 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner(1).exe
2014-06-10 17:12 - 2014-06-10 17:12 - 00004242 _____ () C:\Users\Xavier\Desktop\do.txt
2014-06-10 16:44 - 2014-06-10 17:21 - 00000504 _____ () C:\Windows\setupact.log
2014-06-10 16:44 - 2014-06-10 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 08:00 - 2014-06-10 08:04 - 00000000 ____D () C:\Users\Xavier\Downloads\RCT-621
2014-06-10 07:56 - 2014-06-10 07:58 - 00000000 ____D () C:\Users\Xavier\Downloads\AV-RCT-617.mp4
2014-06-10 07:55 - 2014-06-10 07:56 - 00000000 ____D () C:\Users\Xavier\Downloads\球尔@www.sexinsex.net@MDYD-915
2014-06-10 07:54 - 2014-06-10 08:02 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-912
2014-06-10 07:54 - 2014-06-10 07:55 - 1401872696 _____ () C:\Users\Xavier\Downloads\DANDY-113.avi
2014-06-10 07:52 - 2014-06-10 07:52 - 522374873 _____ () C:\Users\Xavier\Downloads\Dandy-001.flv
2014-06-10 07:43 - 2014-06-10 07:43 - 476634133 _____ () C:\Users\Xavier\Downloads\DVDES-352.rmvb
2014-06-09 08:56 - 2014-06-10 17:23 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-09 07:39 - 2014-06-09 07:41 - 00028338 _____ () C:\Users\Xavier\Desktop\dds.txt
2014-06-09 07:39 - 2014-06-09 07:41 - 00014292 _____ () C:\Users\Xavier\Desktop\Attach.txt
2014-06-09 07:36 - 2014-06-09 07:36 - 00688992 ____R (Swearware) C:\Users\Xavier\Downloads\dds.com
2014-06-08 18:24 - 2014-06-08 18:24 - 00070878 _____ () C:\Users\Xavier\Desktop\FRST_Lastest.txt
2014-06-08 18:22 - 2014-06-10 18:04 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-07 10:59 - 2014-06-07 11:27 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:36 - 2014-06-06 18:41 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:40 - 2014-06-06 16:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-07 20:49 - 00002218 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-05 22:04 - 2014-06-05 23:40 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 22:00 - 2014-06-06 00:08 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:56 - 2014-06-10 17:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-05 07:02 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-10 18:04 - 00032196 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-10 18:04 - 00000000 ____D () C:\FRST
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-10 17:20 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:19 - 2014-06-10 18:04 - 02080768 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-10 17:27 - 00362733 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-26 19:57 - 2014-05-26 20:06 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip

==================== One Month Modified Files and Folders =======

2014-06-10 18:05 - 2014-06-03 17:29 - 00032196 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-10 18:05 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-10 18:04 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-10 18:04 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-10 18:04 - 2014-06-03 08:19 - 02080768 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-10 17:59 - 2014-06-10 17:59 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-10 17:54 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-10 17:49 - 2014-06-10 17:48 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT(1).exe
2014-06-10 17:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-10 17:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 17:32 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 17:32 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 17:28 - 2014-06-10 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-10 17:28 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 17:27 - 2014-05-31 16:15 - 00362733 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 17:23 - 2014-06-10 17:23 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 17:23 - 2014-06-09 08:56 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 17:23 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-10 17:23 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-10 17:22 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 17:22 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-10 17:21 - 2014-06-10 17:21 - 00000314 _____ () C:\Windows\PFRO.log
2014-06-10 17:21 - 2014-06-10 16:44 - 00000504 _____ () C:\Windows\setupact.log
2014-06-10 17:21 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-10 17:21 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 17:20 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-10 17:19 - 2014-06-10 17:18 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner(1).exe
2014-06-10 17:12 - 2014-06-10 17:12 - 00004242 _____ () C:\Users\Xavier\Desktop\do.txt
2014-06-10 17:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 16:44 - 2014-06-10 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 09:34 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-10 08:04 - 2014-06-10 08:00 - 00000000 ____D () C:\Users\Xavier\Downloads\RCT-621
2014-06-10 08:02 - 2014-06-10 07:54 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-912
2014-06-10 07:58 - 2014-06-10 07:56 - 00000000 ____D () C:\Users\Xavier\Downloads\AV-RCT-617.mp4
2014-06-10 07:56 - 2014-06-10 07:55 - 00000000 ____D () C:\Users\Xavier\Downloads\球尔@www.sexinsex.net@MDYD-915
2014-06-10 07:55 - 2014-06-10 07:54 - 1401872696 _____ () C:\Users\Xavier\Downloads\DANDY-113.avi
2014-06-10 07:52 - 2014-06-10 07:52 - 522374873 _____ () C:\Users\Xavier\Downloads\Dandy-001.flv
2014-06-10 07:43 - 2014-06-10 07:43 - 476634133 _____ () C:\Users\Xavier\Downloads\DVDES-352.rmvb
2014-06-10 00:07 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-09 07:41 - 2014-06-09 07:39 - 00028338 _____ () C:\Users\Xavier\Desktop\dds.txt
2014-06-09 07:41 - 2014-06-09 07:39 - 00014292 _____ () C:\Users\Xavier\Desktop\Attach.txt
2014-06-09 07:36 - 2014-06-09 07:36 - 00688992 ____R (Swearware) C:\Users\Xavier\Downloads\dds.com
2014-06-08 18:24 - 2014-06-08 18:24 - 00070878 _____ () C:\Users\Xavier\Desktop\FRST_Lastest.txt
2014-06-07 20:49 - 2014-06-06 16:37 - 00002218 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-07 11:27 - 2014-06-07 10:59 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:41 - 2014-06-06 18:36 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:41 - 2014-06-06 16:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-06 00:08 - 2014-06-05 22:00 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-05 23:40 - 2014-06-05 22:04 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 07:02 - 2014-06-03 17:33 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 19:32 - 2010-06-19 21:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-03 19:32 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-27 06:29 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-05-26 20:07 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-26 20:06 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-21 18:04 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Xavier\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 14:08

==================== End Of Log ============================

 

Once again thanks.



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:40 AM

Posted 10 June 2014 - 05:31 AM

127.0.0.1 activate.adobe.com

Why are you using cracked Adobe Software?

Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, please right-click CKScanner.exe and select Run as Administrator.)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Xavierwan


Posted 10 June 2014 - 05:52 AM

Sorry, I didn't know that it's a cracked SW as I got it from a friend.

Following is the CKScanner log:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.NA.11.EDAPCZ
 ----- EOF -----
 



#10 Machiavelli


Posted 10 June 2014 - 06:18 AM

FYI, while waiting for your assistance I have used SW which was mentioned here and also others such as rkill, tdsskiller, ESET Online Scanner.

I need these logs. Please post them into your next reply.

~Machiavelli



#11 Xavierwan


Posted 10 June 2014 - 07:07 AM

Hi,

RogueKiller log which I scanned previously.

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Xavier [Admin rights]
Mode : Remove -- Date : 06/06/2014  17:24:38

¤¤¤ Bad processes : 2 ¤¤¤
[ZeroAccess] mcshield.exe -- [x] -> ERROR [12]
[Suspicious.Path] (SVC) XMusicServer -- C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe[7] -> STOPPED

¤¤¤ Registry Entries : 25 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XMusicServer -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XMusicServer -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\XMusicServer -> DELETED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] aowsmlju.default : user_pref("network.proxy.type", 4); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 2531f6f063126ba542309fe26645f11d
[BSP] 48081e6a437bd5449e687366a06b2581 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 9918 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20457472 | Size: 266950 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 567171072 | Size: 200000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] 464c0913be10225d44a7fe17cb85f60f
[BSP] f6225436a928e9b2209beb4b66d5e096 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Seagate Portable USB Device +++++
--- User ---
[MBR] a54981ea7ae9ebe3f8ed859b685076d0
[BSP] 26af252a10ce5ebd6327e9957650db4c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] e9de1f7590e750cc3182c0612d071363
[BSP] b28bf549b66b6f32c881c3eaf2225cf8 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_06062014_172210.log


Mbam log which I scanned previously
 
<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>

<header><date>2014/06/03 17:59:58 +0800</date><logfile>mbam-log-2014-06-03 (17-57-51).xml</logfile><isadmin>yes</isadmin></header>

<engine><version>2.00.2.1012</version><malware-database>v2014.06.03.03</malware-database><rootkit-database>v2014.06.02.01</rootkit-database><license>trial</license><file-protection>enabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>Xavier</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>289291</objects> <time>2336</time><processes>0</processes><modules>0</modules><keys>0</keys><values>0</values><datas>0</datas><folders>0</folders><files>3</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items><file><path>C:\Users\Xavier\Downloads\Eleven.zip</path><vendor>Extension.Mismatch</vendor><action>success</action><hash>957a373d295251e5576f432af01029d7</hash></file><file><path>C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\searchplugins\Speedial.xml</path><vendor>PUP.Optional.Speedial.A</vendor><action>success</action><hash>bd52cda7b8c33ef8519ef6a209f97b85</hash></file><file><path>C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\preferences</path><vendor>PUP.Optional.Speedial.A</vendor><action>replaced</action><baddata> "homepage": "http://speedial.com/?f=1&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=",</baddata><gooddata/><hash>61aee78dee8df3434ef1820e8183b34d</hash></file></items>

</mbam-log>


Edited by Xavierwan, 10 June 2014 - 07:08 AM.


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:40 AM

Posted 10 June 2014 - 08:25 AM

  • Download RogueKiller (by tigzy) to the desktop
  • Quit all programs
  • Start RogueKiller.exe. (If you have Windows Vista / Windows 7 / Windows 8, please right-click RogueKiller.exe and select Run as Administrator.)
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After it has finished, click the Registry tab and clear the check marks from the following entries:
    • [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888 -> NOT SELECTED
    • [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888 -> NOT SELECTED
    • [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    • [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    • [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    • [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    • [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    • [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    • [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    • [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    • [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
    • [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
  • Click on the Delete button.
  • The report has been created on the desktop (RKreport.txt).

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 Xavierwan

Xavierwan
  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:40 PM

Posted 10 June 2014 - 09:00 AM

Hi Machiavelli,

Following is the log

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Xavier [Admin rights]
Mode : Remove -- Date : 06/10/2014  21:58:12

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess] mcshield.exe -- [x] -> ERROR [12]

¤¤¤ Registry Entries : 22 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888  -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ERROR [2]
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] aowsmlju.default : user_pref("network.proxy.type", 4); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 2531f6f063126ba542309fe26645f11d
[BSP] 48081e6a437bd5449e687366a06b2581 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 9918 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20457472 | Size: 266950 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 567171072 | Size: 200000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] 464c0913be10225d44a7fe17cb85f60f
[BSP] f6225436a928e9b2209beb4b66d5e096 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Seagate Portable USB Device +++++
--- User ---
[MBR] a54981ea7ae9ebe3f8ed859b685076d0
[BSP] 26af252a10ce5ebd6327e9957650db4c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] e9de1f7590e750cc3182c0612d071363
[BSP] b28bf549b66b6f32c881c3eaf2225cf8 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_06062014_172438.log - RKreport_SCN_06062014_172210.log - RKreport_SCN_06102014_194952.log - RKreport_SCN_06102014_215420.log



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:40 AM

Posted 10 June 2014 - 10:28 AM

 

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 10 June 2014 - 10:28 AM.

~Machiavelli



#15 Xavierwan

Xavierwan
  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:40 PM

Posted 10 June 2014 - 11:03 AM

Hi,

FRST log, thanks

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 10-06-2014 23:58:14
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe.bad9.deleteme
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Users\Xavier\AppData\Local\Temp\McInstallTemp\Install.exe
(McAfee, Inc.) C:\Users\Xavier\AppData\Local\Temp\McInstallTemp (2)\SelfProtect\Win64\mfehidin.exe
(McAfee, Inc.) C:\Users\Xavier\AppData\Local\Temp\McInstrumentationTemp (2)\McItInfo.exe
(McAfee, Inc.) C:\Users\Xavier\AppData\Local\Temp\McInstallTemp\SelfProtect\Win64\mfehidin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll No File
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl64.dll No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
S2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-10-04] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
R0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 00:01 - 2014-03-17 18:54 - 00185792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-06-10 23:55 - 2014-06-10 23:55 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 23:44 - 2014-06-10 23:48 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-06-10 23:44 - 2014-06-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-10 23:44 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-06-10 22:41 - 2014-06-10 22:41 - 00003596 _____ () C:\Users\Xavier\Desktop\RKreport_SCN_06102014_223913.log
2014-06-10 22:27 - 2014-06-10 23:55 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 22:20 - 2014-06-10 22:20 - 00000000 ____D () C:\NVIDIA
2014-06-10 19:08 - 2014-06-10 19:08 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000907 _____ () C:\Users\Xavier\Desktop\ERUNT.lnk
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-10 19:01 - 2014-06-10 19:01 - 00791393 _____ (Lars Hederer ) C:\Users\Xavier\Downloads\erunt-setup.exe
2014-06-10 18:50 - 2014-06-10 18:51 - 00000163 _____ () C:\Users\Xavier\Downloads\ckfiles.txt
2014-06-10 18:34 - 2014-06-10 18:34 - 00468480 _____ () C:\Users\Xavier\Downloads\CKScanner.exe
2014-06-10 18:34 - 2014-06-10 18:34 - 00468480 _____ () C:\Users\Xavier\Downloads\CKScanner(1).exe
2014-06-10 17:59 - 2014-06-10 17:59 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-10 17:48 - 2014-06-10 17:49 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT(1).exe
2014-06-10 17:21 - 2014-06-10 23:54 - 00010702 _____ () C:\Windows\PFRO.log
2014-06-10 17:18 - 2014-06-10 17:19 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner(1).exe
2014-06-10 17:12 - 2014-06-10 17:12 - 00004242 _____ () C:\Users\Xavier\Desktop\do.txt
2014-06-10 16:44 - 2014-06-10 23:54 - 00001176 _____ () C:\Windows\setupact.log
2014-06-10 16:44 - 2014-06-10 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 08:00 - 2014-06-10 08:04 - 00000000 ____D () C:\Users\Xavier\Downloads\RCT-621
2014-06-10 07:56 - 2014-06-10 07:58 - 00000000 ____D () C:\Users\Xavier\Downloads\AV-RCT-617.mp4
2014-06-10 07:55 - 2014-06-10 07:56 - 00000000 ____D () C:\Users\Xavier\Downloads\球尔@www.sexinsex.net@MDYD-915
2014-06-10 07:54 - 2014-06-10 08:02 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-912
2014-06-10 07:54 - 2014-06-10 07:55 - 1401872696 _____ () C:\Users\Xavier\Downloads\DANDY-113.avi
2014-06-10 07:52 - 2014-06-10 07:52 - 522374873 _____ () C:\Users\Xavier\Downloads\Dandy-001.flv
2014-06-10 07:43 - 2014-06-10 07:43 - 476634133 _____ () C:\Users\Xavier\Downloads\DVDES-352.rmvb
2014-06-09 07:39 - 2014-06-09 07:41 - 00028338 _____ () C:\Users\Xavier\Desktop\dds.txt
2014-06-09 07:39 - 2014-06-09 07:41 - 00014292 _____ () C:\Users\Xavier\Desktop\Attach.txt
2014-06-09 07:36 - 2014-06-09 07:36 - 00688992 ____R (Swearware) C:\Users\Xavier\Downloads\dds.com
2014-06-08 18:24 - 2014-06-08 18:24 - 00070878 _____ () C:\Users\Xavier\Desktop\FRST_Lastest.txt
2014-06-08 18:22 - 2014-06-10 18:04 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-07 10:59 - 2014-06-07 11:27 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:36 - 2014-06-06 18:41 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:40 - 2014-06-06 16:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-10 19:06 - 00002216 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-05 22:04 - 2014-06-05 23:40 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 22:00 - 2014-06-06 00:08 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 17:56 - 2014-06-10 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-05 07:02 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-10 23:58 - 00031002 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-10 23:58 - 00000000 ____D () C:\FRST
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-10 23:00 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:19 - 2014-06-10 18:04 - 02080768 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-10 23:23 - 00379830 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.bad9.deleteme
2014-05-26 19:57 - 2014-06-10 23:55 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip

==================== One Month Modified Files and Folders =======

2014-06-11 00:02 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-11 00:01 - 2014-06-03 17:29 - 00031002 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-10 23:59 - 2014-05-31 16:15 - 00379830 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 23:58 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-10 23:57 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 23:57 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-10 23:55 - 2014-06-10 23:55 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 23:55 - 2014-06-10 22:27 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 23:55 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-06-10 23:55 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-10 23:55 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-06-10 23:55 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-10 23:55 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-10 23:55 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-10 23:54 - 2014-06-10 17:21 - 00010702 _____ () C:\Windows\PFRO.log
2014-06-10 23:54 - 2014-06-10 16:44 - 00001176 _____ () C:\Windows\setupact.log
2014-06-10 23:54 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 23:54 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-10 23:54 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-10 23:54 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 23:54 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 23:48 - 2014-06-10 23:44 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-06-10 23:48 - 2014-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-10 23:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 23:00 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-10 22:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-10 22:41 - 2014-06-10 22:41 - 00003596 _____ () C:\Users\Xavier\Desktop\RKreport_SCN_06102014_223913.log
2014-06-10 22:36 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 22:36 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 22:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 22:22 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 22:20 - 2014-06-10 22:20 - 00000000 ____D () C:\NVIDIA
2014-06-10 19:08 - 2014-06-10 19:08 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000907 _____ () C:\Users\Xavier\Desktop\ERUNT.lnk
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-10 19:07 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 19:06 - 2014-06-06 16:37 - 00002216 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-10 19:01 - 2014-06-10 19:01 - 00791393 _____ (Lars Hederer ) C:\Users\Xavier\Downloads\erunt-setup.exe
2014-06-10 18:51 - 2014-06-10 18:50 - 00000163 _____ () C:\Users\Xavier\Downloads\ckfiles.txt
2014-06-10 18:34 - 2014-06-10 18:34 - 00468480 _____ () C:\Users\Xavier\Downloads\CKScanner.exe
2014-06-10 18:34 - 2014-06-10 18:34 - 00468480 _____ () C:\Users\Xavier\Downloads\CKScanner(1).exe
2014-06-10 18:04 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-10 18:04 - 2014-06-03 08:19 - 02080768 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-10 17:59 - 2014-06-10 17:59 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-10 17:49 - 2014-06-10 17:48 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT(1).exe
2014-06-10 17:19 - 2014-06-10 17:18 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner(1).exe
2014-06-10 17:12 - 2014-06-10 17:12 - 00004242 _____ () C:\Users\Xavier\Desktop\do.txt
2014-06-10 16:44 - 2014-06-10 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 09:34 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-10 08:04 - 2014-06-10 08:00 - 00000000 ____D () C:\Users\Xavier\Downloads\RCT-621
2014-06-10 08:02 - 2014-06-10 07:54 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-912
2014-06-10 07:58 - 2014-06-10 07:56 - 00000000 ____D () C:\Users\Xavier\Downloads\AV-RCT-617.mp4
2014-06-10 07:56 - 2014-06-10 07:55 - 00000000 ____D () C:\Users\Xavier\Downloads\球尔@www.sexinsex.net@MDYD-915
2014-06-10 07:55 - 2014-06-10 07:54 - 1401872696 _____ () C:\Users\Xavier\Downloads\DANDY-113.avi
2014-06-10 07:52 - 2014-06-10 07:52 - 522374873 _____ () C:\Users\Xavier\Downloads\Dandy-001.flv
2014-06-10 07:43 - 2014-06-10 07:43 - 476634133 _____ () C:\Users\Xavier\Downloads\DVDES-352.rmvb
2014-06-09 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-09 07:41 - 2014-06-09 07:39 - 00028338 _____ () C:\Users\Xavier\Desktop\dds.txt
2014-06-09 07:41 - 2014-06-09 07:39 - 00014292 _____ () C:\Users\Xavier\Desktop\Attach.txt
2014-06-09 07:36 - 2014-06-09 07:36 - 00688992 ____R (Swearware) C:\Users\Xavier\Downloads\dds.com
2014-06-08 18:24 - 2014-06-08 18:24 - 00070878 _____ () C:\Users\Xavier\Desktop\FRST_Lastest.txt
2014-06-07 11:27 - 2014-06-07 10:59 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:41 - 2014-06-06 18:36 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:41 - 2014-06-06 16:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-06 00:08 - 2014-06-05 22:00 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-05 23:40 - 2014-06-05 22:04 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 07:02 - 2014-06-03 17:33 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫:帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Xavier\AppData\Local\Temp\0057881402414054mcinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 14:08

==================== End Of Log ============================





