Jump to content

dllhost.exe com surrogate and Firewall off issue

xavierwan
 Share

Recommended Posts

xavierwan

xavierwan

Posted
Posted

Hi,

Few days ago I am having issue with the dllhost.exe COM Surrogate on a windows 7 machine which is comsumming alot of the CPU usage and makes my PC very slow and I keep getting alert from Macfee that the firewall has being turn off.

After running few software such as MBAM, AdwCleaner which is able to detect and remove few malware, the issue of the dllhost.exe COM Surrogate seems to be resolved, or is it went into hidding mode?

and I still keep getting alert from Macfee that the firewall has being turn off . Please help to check what's wrong. Thanks.

 

Below is the FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 05-06-2014 07:00:01
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(xiami) C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8888;https=127.0.0.1:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir="
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
S2 0038701401921783mcinstcleanup; C:\Windows\TEMP\0038701401921783mcinst.exe [836168 2014-03-13] (McAfee, Inc.)
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 XMusicServer; C:\Users\Xavier\AppData\Roaming\XMusicUpdate\XMusicServer.exe [1587400 2013-12-16] (xiami)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 06:45 - 2014-06-05 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-05 06:38 - 2014-06-05 06:38 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-05 06:35 - 2014-06-05 06:35 - 00000168 _____ () C:\Windows\setupact.log
2014-06-05 06:35 - 2014-06-05 06:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 22:51 - 2014-06-04 22:52 - 594004776 _____ () C:\Users\Xavier\Downloads\ZhangJie.zip
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:56 - 2014-06-05 06:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-03 20:56 - 00037762 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-05 07:00 - 00032441 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-05 07:00 - 00000000 ____D () C:\FRST
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:58 - 2014-06-05 06:38 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-05 06:56 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:42 - 2014-06-03 08:42 - 01327971 _____ () C:\Users\Xavier\Downloads\adwcleaner_3.211.exe
2014-06-03 08:19 - 2014-06-03 08:19 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 08:07 - 2014-06-03 08:07 - 00000000 ____D () C:\Users\Xavier\Downloads\zoek
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 12:58 - 2014-06-02 23:18 - 00000000 ____D () C:\Users\Xavier\Downloads\國模~楊依[23MOV3.17G]
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-05 06:42 - 00172139 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-26 19:57 - 2014-05-26 20:06 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 08:18 - 2014-05-31 10:36 - 1880215890 ____R () C:\Users\Xavier\Downloads\[HD]SW-261.avi
2014-05-25 21:17 - 2014-05-25 21:21 - 00000000 ____D () C:\Users\Xavier\Downloads\第一會所新片
2014-05-25 21:14 - 2014-05-31 10:02 - 1513802283 ____R () C:\Users\Xavier\Downloads\SPRD-728,.mp4
2014-05-25 21:12 - 2014-05-26 08:13 - 3212145227 ____R () C:\Users\Xavier\Downloads\[FHD]mdyd-898.mkv
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 22:19 - 2014-05-24 10:17 - 2541015649 ____R () C:\Users\Xavier\Downloads\hunt843B,.wmv
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-21 23:29 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Xavier\Downloads\DSKM-102
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 16:52 - 2014-05-31 13:27 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-910
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieUserList
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieSiteList
2014-05-08 08:00 - 2014-05-08 08:00 - 36060610 _____ () C:\Users\Xavier\Downloads\[AnonDB.org]samantha_ong_ammy_s_sex_tape.rar
2014-05-08 07:38 - 2014-05-13 16:33 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-07 07:56 - 2014-05-07 07:56 - 47963363 _____ () C:\Users\Xavier\Downloads\AdorkableRawr (5).flv
2014-05-07 07:54 - 2014-05-07 07:54 - 26337881 _____ () C:\Users\Xavier\Downloads\webcam 09.mp4
2014-05-07 07:50 - 2014-05-07 07:50 - 41276298 _____ () C:\Users\Xavier\Downloads\480P_600k_25096452.mp4
2014-05-06 23:57 - 2014-05-15 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-05 07:00 - 2014-06-03 17:29 - 00032441 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-05 07:00 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-05 07:00 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-05 06:56 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-05 06:50 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 06:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-05 06:46 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 06:46 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 06:45 - 2014-06-05 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-05 06:42 - 2014-05-31 16:15 - 00172139 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 06:38 - 2014-06-05 06:38 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-05 06:38 - 2014-06-03 08:58 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-05 06:38 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-05 06:38 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 06:38 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-05 06:38 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-05 06:38 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-05 06:35 - 2014-06-05 06:35 - 00000168 _____ () C:\Windows\setupact.log
2014-06-05 06:35 - 2014-06-05 06:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-05 06:35 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-05 06:35 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 22:52 - 2014-06-04 22:51 - 594004776 _____ () C:\Users\Xavier\Downloads\ZhangJie.zip
2014-06-04 22:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 22:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 18:15 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-03 20:56 - 2014-06-03 17:33 - 00037762 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 19:32 - 2010-06-19 21:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-03 19:32 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:42 - 2014-06-03 08:42 - 01327971 _____ () C:\Users\Xavier\Downloads\adwcleaner_3.211.exe
2014-06-03 08:19 - 2014-06-03 08:19 - 02068992 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 08:07 - 2014-06-03 08:07 - 00000000 ____D () C:\Users\Xavier\Downloads\zoek
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 23:18 - 2014-06-01 12:58 - 00000000 ____D () C:\Users\Xavier\Downloads\國模~楊依[23MOV3.17G]
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:27 - 2014-05-13 16:52 - 00000000 ____D () C:\Users\Xavier\Downloads\MDYD-910
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 10:36 - 2014-05-26 08:18 - 1880215890 ____R () C:\Users\Xavier\Downloads\[HD]SW-261.avi
2014-05-31 10:02 - 2014-05-25 21:14 - 1513802283 ____R () C:\Users\Xavier\Downloads\SPRD-728,.mp4
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-27 06:29 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-05-26 20:07 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-26 20:06 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-26 08:13 - 2014-05-25 21:12 - 3212145227 ____R () C:\Users\Xavier\Downloads\[FHD]mdyd-898.mkv
2014-05-25 21:21 - 2014-05-25 21:17 - 00000000 ____D () C:\Users\Xavier\Downloads\第一會所新片
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-24 10:17 - 2014-05-23 22:19 - 2541015649 ____R () C:\Users\Xavier\Downloads\hunt843B,.wmv
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-21 23:43 - 2014-05-21 23:29 - 00000000 ____D () C:\Users\Xavier\Downloads\DSKM-102
2014-05-21 18:04 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:56 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 14:14 - 2014-05-15 09:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 14:11 - 2014-05-15 09:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieUserList
2014-05-08 17:32 - 2014-05-08 17:32 - 00000000 __SHD () C:\Users\Xavier\AppData\Local\EmieSiteList
2014-05-08 08:00 - 2014-05-08 08:00 - 36060610 _____ () C:\Users\Xavier\Downloads\[AnonDB.org]samantha_ong_ammy_s_sex_tape.rar
2014-05-07 07:56 - 2014-05-07 07:56 - 47963363 _____ () C:\Users\Xavier\Downloads\AdorkableRawr (5).flv
2014-05-07 07:54 - 2014-05-07 07:54 - 26337881 _____ () C:\Users\Xavier\Downloads\webcam 09.mp4
2014-05-07 07:50 - 2014-05-07 07:50 - 41276298 _____ () C:\Users\Xavier\Downloads\480P_600k_25096452.mp4
2014-05-07 07:29 - 2013-11-26 15:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 07:29 - 2013-11-26 15:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 23:42 - 2010-11-26 08:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA
2014-05-06 23:42 - 2010-11-26 08:53 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core
2014-05-06 12:40 - 2014-05-15 09:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 12:17 - 2014-05-15 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 11:25 - 2014-05-15 09:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 11:07 - 2014-05-15 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 11:00 - 2014-05-15 09:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 10:10 - 2014-05-15 09:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 17:53

==================== End Of Log ============================

 

 

Link to post
Share on other sites
xavierwan

xavierwan

Posted
  • Author
Posted

And the Additional scan log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Xavier at 2014-06-05 07:01:15
Running from C:\Users\Xavier\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alipay security control 3.7.0.0 (x32 Version: 3.7.0.0 - Alipay.com Co., Ltd.) Hidden
AlipayDHC 1.1.0.0 (x32 Version: 1.1.0.0 - Alipay.com Co., Ltd.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.7.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.8.0.5 - Canon Inc.)
Canon SELPHY CP780 (HKLM\...\Canon SELPHY CP780) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.0.1.5 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.0.0 (HKLM-x32\...\SELPHY Print Contents 100) (Version: 1.0.0.8 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.2.33 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.1.10 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.4.11327 - Blizzard Entertainment)
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.41.0000 - Shanda Games International)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
iFunbox (v2.6.2375.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.6.2375.747 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Ö§¸¶±¦°²È«¿Ø¼þ 3.22.0.0 (HKLM-x32\...\alieditplus) (Version: 3.22.0.0 - Alipay.com Co., Ltd.)
Opera Next 18.0.1284.26 (HKLM-x32\...\Opera 18.0.1284.26) (Version: 18.0.1284.26 - Opera Software ASA)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photomatix Pro version 3.2.7 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.7 - HDRsoft Sarl)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
PocketWizard Utility (HKLM-x32\...\{B8D5132A-0E69-4EDC-B4CB-8C13E0B75865}) (Version: 1.35 - LPA Design)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
ProShow Plugins for Lightroom (HKLM-x32\...\ProShow Plugins for Lightroom) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Anansi (HKLM-x32\...\{58AA0670-2352-424B-BE5F-CF59EDD07EA0}) (Version: 1.05.04 - Razer USA Ltd.)
Razer Anansi Firmware Updater (HKLM-x32\...\{1A2AADF0-6832-4471-8A15-EB068B7DC9F1}) (Version: 1.02.03 - Razer USA Ltd.)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Razer Imperator Firmware Updater (HKLM-x32\...\{D9292112-253F-438D-B1AB-432E5A1FE1B5}) (Version: 1.16.00 - Razer USA Ltd.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeTransaction 5.10.0.0 (x32 Version: 5.10.0.0 - Alipay.com Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.49.1000 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Windows 7 Codec Pack 3.4.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 3.4.0 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)

==================== Restore Points  =========================

02-06-2014 15:12:55 Installed QuickTime 7
02-06-2014 15:42:33 McAfee Vulnerability Scanner
03-06-2014 09:36:12 Windows Update

==================== Hosts content: ==========================

2010-06-20 03:40 - 2010-06-20 10:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {206C80AA-C2A4-47EC-9DE3-BFA55096BABC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2B165DDC-7021-4997-BB61-128AB358D408} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {4E5515AE-C858-416A-9E0F-13AC85BB8D05} - System32\Tasks\auto shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {524DAB8A-3B07-4DF5-B6D0-211D28B21364} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {622379C4-767C-4569-9E0F-4E3A08450191} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6E637F4D-CB25-4968-9865-FFC6EC16C24A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {7FBA6396-FC70-4345-9515-92C115E55933} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8C83E7EB-773E-4078-BA06-4C045CF3A011} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {8C99B018-C281-4F49-A4CD-121819ED5534} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9ADEE012-4786-47E2-95C0-9CE162AAC4AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {9D1CD1B6-EC6E-4BA3-9218-EA7EFF5F722A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AE5E121C-71F6-4E9D-9CD5-17CF419C66C2} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-07-23] (PC Tools)
Task: {B0ECA1C8-6AC4-47F7-924B-CB367BE4E55A} - System32\Tasks\PC shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {B4CDBAAC-812C-4576-BD69-08F8AADA9CAC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B6C47911-09DC-4D26-BE4B-D4B2E1E64673} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BE4867D3-1445-4779-A1F2-8691A72DF98A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C0758E40-AE18-4282-8AC1-F966E0EA5FA1} - System32\Tasks\AdobeAAMUpdater-1.0-Xavier-PC-Xavier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {C4E8939A-50F9-4B49-80A7-F9E1EAF1D0AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {C5916752-8F95-4FF9-A48C-481EE0BFA920} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {C7BE2B8F-50B4-4B8E-AFB3-4CFB4E1C753A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {D314192E-059E-47EA-88E7-E88A50E19F86} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\real\realplayer\update\realsched.exe [2013-12-21] (RealNetworks, Inc.)
Task: {E1BB9C8E-4707-416A-A4F5-4AA9729A86F9} - System32\Tasks\Google Updater and Installer => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26] (Google Inc.)
Task: {EA0D917A-EC94-49A9-9C02-75EED3AEF32B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {F4BD8612-3B20-45EA-B6C5-4D02790BA142} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job => C:\Users\Xavier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-06-03 13:11 - 2013-08-10 04:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 22:01 - 2014-02-12 22:01 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\cf2f71599d9d7f8b91695683eb030cb1\VistaBridgeLibrary.ni.dll
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-15 23:55 - 2010-07-21 23:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-05-16 23:41 - 2014-05-16 23:41 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-15 11:48 - 2014-05-15 11:48 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SELPHY Photo Print Launcher.lnk => C:\Windows\pss\SELPHY Photo Print Launcher.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\Xavier\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter =>
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Razer Anansi Driver => C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
MSCONFIG\startupreg: Razer Imperator Driver => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 06:45:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0xde8
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/05/2014 06:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x1370
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/05/2014 06:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x1180
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/05/2014 06:40:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x1a08
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/05/2014 06:38:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x2178
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/05/2014 06:38:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (6532) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Xavier\AppData\Local\Microsoft\Windows\WebCache\V0100001.log.

Error: (06/05/2014 06:36:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x644
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/04/2014 06:12:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x14fc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/04/2014 03:02:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x1b40
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/04/2014 03:02:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Exception code: 0x40000015
Fault offset: 0x0000000000023799
Faulting process id: 0x824
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3


System errors:
=============
Error: (06/05/2014 06:45:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 5 time(s).

Error: (06/05/2014 06:45:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/05/2014 06:45:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 6 time(s).

Error: (06/05/2014 06:45:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Home Network service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/05/2014 06:44:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/05/2014 06:44:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/05/2014 06:44:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 5 time(s).

Error: (06/05/2014 06:43:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/05/2014 06:43:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/05/2014 06:43:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 3 time(s).


Microsoft Office Sessions:
=========================
Error: (06/05/2014 06:45:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae400000150000000000023799de801cf8046948428feC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exef634a6c7-ec39-11e3-b8a6-b8ac6fa665a0

Error: (06/05/2014 06:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae400000150000000000023799137001cf804679ac46cfC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exec93ac760-ec39-11e3-b8a6-b8ac6fa665a0

Error: (06/05/2014 06:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae400000150000000000023799118001cf80465d0e921bC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exead3ab48b-ec39-11e3-b8a6-b8ac6fa665a0

Error: (06/05/2014 06:40:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237991a0801cf8045ac4b204cC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe4c3aa852-ec39-11e3-b8a6-b8ac6fa665a0

Error: (06/05/2014 06:38:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae400000150000000000023799217801cf804591fd326fC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exee4bbbb23-ec38-11e3-b8a6-b8ac6fa665a0

Error: (06/05/2014 06:38:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost6532WebCacheLocal: C:\Users\Xavier\AppData\Local\Microsoft\Windows\WebCache\V0100001.log-1811

Error: (06/05/2014 06:36:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae40000015000000000002379964401cf80454febf586C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeaae81db4-ec38-11e3-b8a6-b8ac6fa665a0

Error: (06/04/2014 06:12:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae40000015000000000002379914fc01cf7fc30c881e99C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exebb407ad7-ebd0-11e3-bc6a-b8ac6fa665a0

Error: (06/04/2014 03:02:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae4000001500000000000237991b4001cf7fc2ec3c965aC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe34070f8f-ebb6-11e3-bc6a-b8ac6fa665a0

Error: (06/04/2014 03:02:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMcSvHost.exe3.8.703.051f7deae40000015000000000002379982401cf7fc2a67b6d02C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe2623682f-ebb6-11e3-bc6a-b8ac6fa665a0


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3959.12 MB
Available physical RAM: 1738.58 MB
Total Pagefile: 7916.41 MB
Available Pagefile: 5247.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:260.69 GB) (Free:19.29 GB) NTFS
Drive i: (Censored Movies N-Z) (Fixed) (Total:931.48 GB) (Free:2.73 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:195.31 GB) (Free:19.82 GB) NTFS
Drive k: (Itunes Medias) (Fixed) (Total:596.17 GB) (Free:186.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=261 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195 GB) - (Type=OF Extended)

========================================================
Disk: 5 (Size: 931 GB) (Disk ID: AAFD8C80)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 596 GB) (Disk ID: 0124982C)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites
xavierwan

xavierwan

Posted
  • Author
Posted

No Sure if anyone is assist me with this issue..

Anyway below is the updated FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 08-06-2014 18:22:39
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft

Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager

\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23]

(PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe

Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

[963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21]

(RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink

Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-

02] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19]

(Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware

\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8888;https=127.0.0.1:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q=

{searchTerms}

&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCy

EtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y

1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}

&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCy

EtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y

1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q=

{searchTerms}

&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCy

EtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y

1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}

&a=spd_wnzp_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0AyCyCyD0AtD0DyDzz0AtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCy

EtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0DyD0DyByDtBtGtAtCzyyBtGyD0AzyyEtGyEzy0E0DtGtCtAyEyByE0D0FtDtAzztAzy2QtN1M1F1B2Z1V1N2Y

1L1Qzu2SyD0EtA0DzzyCzz0BtGyEzy0EyBtG0ByEzz0FtGyDzyzy0EtGtD0AtDtCyCzztCzy0FzytDyB2Q&cr=1730858102&ir=
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle

Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor

\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

(Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan

\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:

\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

(Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars

\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor

\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin

\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee

\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee

\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050}

https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

(McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee,

Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

(McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee,

Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

(Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee,

Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

(McAfee, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF Homepage: https://www.google.com.sg/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle

Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft

Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle

Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle

Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll (

Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

(Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

(NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

(RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader

\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins

\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader

\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin

\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin

\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

(RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins

\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

(Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

(Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update

\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update

\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles

\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles

\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default

\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader

\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader

\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions

\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-

681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application

\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions

\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

(Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins

\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin

\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA

Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer

\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions

\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions

\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions

\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions

\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

[2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader

\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes

Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes

Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA

Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056

2013-08-14] ()

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and

SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and

SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 18:22 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-08 13:45 - 2014-06-08 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-07 21:02 - 2014-06-07 21:02 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-07 19:23 - 2014-06-08 13:41 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-

5-21-2410269394-236509034-534361320-1000
2014-06-07 19:20 - 2014-06-08 13:32 - 00000504 _____ () C:\Windows\setupact.log
2014-06-07 19:20 - 2014-06-07 19:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-07 10:59 - 2014-06-07 11:27 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-07 10:50 - 2014-06-07 11:29 - 1657096989 ____R () C:\Users\Xavier\Downloads\MADM-005.mp4
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:36 - 2014-06-06 18:41 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:40 - 2014-06-06 16:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-

2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-07 20:49 - 00002218 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-05 22:04 - 2014-06-05 23:40 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 22:00 - 2014-06-06 00:08 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security

Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:56 - 2014-06-08 14:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-

2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-05 07:02 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-08 18:22 - 00032053 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 17:29 - 2014-06-08 18:22 - 00000000 ____D () C:\FRST
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:58 - 2014-06-08 13:41 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21

-2410269394-236509034-534361320-1000
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-07 20:46 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:19 - 2014-06-08 18:22 - 02072576 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-08 13:36 - 00304741 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 01:41 - 2014-05-31 01:42 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 16:00 - 2014-05-30 16:02 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:58 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-26 19:57 - 2014-05-26 20:06 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_

♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows

\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows

\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads

\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4

==================== One Month Modified Files and Folders =======

2014-06-08 18:23 - 2014-06-03 17:29 - 00032053 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-08 18:23 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-08 18:22 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-08 18:22 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-08 18:22 - 2014-06-03 08:19 - 02072576 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-08 18:18 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-08 18:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 17:57 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-08 17:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-

534361320-1000UA.job
2014-06-08 17:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 15:26 - 2014-05-31 16:15 - 00304741 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 14:13 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 13:45 - 2014-06-08 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-08 13:41 - 2014-06-07 19:23 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-

5-21-2410269394-236509034-534361320-1000
2014-06-08 13:41 - 2014-06-03 08:58 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21

-2410269394-236509034-534361320-1000
2014-06-08 13:41 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-08 13:41 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-08 13:40 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 13:40 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-08 13:39 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:39 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:32 - 2014-06-07 19:20 - 00000504 _____ () C:\Windows\setupact.log
2014-06-08 13:32 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-08 13:32 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 21:06 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\Startup
2014-06-07 21:02 - 2014-06-07 21:02 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-07 20:49 - 2014-06-06 16:37 - 00002218 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-07 20:46 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-07 19:20 - 2014-06-07 19:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-07 11:29 - 2014-06-07 10:50 - 1657096989 ____R () C:\Users\Xavier\Downloads\MADM-005.mp4
2014-06-07 11:27 - 2014-06-07 10:59 - 1102351183 ____R () C:\Users\Xavier\Downloads\snis166.avi
2014-06-06 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-

534361320-1000Core.job
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:41 - 2014-06-06 18:36 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:41 - 2014-06-06 16:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-

2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-06 00:08 - 2014-06-05 22:00 - 00000000 ____D () C:\Users\Xavier\Downloads\Heyzo-0610-HD
2014-06-05 23:40 - 2014-06-05 22:04 - 00000000 ____D () C:\Users\Xavier\Downloads\1Pondo-060314_820-HD
2014-06-05 07:02 - 2014-06-03 17:33 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security

Scan Plus
2014-06-03 19:32 - 2014-06-03 19:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 19:32 - 2010-06-19 21:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-03 19:32 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-

2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:45 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative

Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 01:42 - 2014-05-31 01:41 - 988971215 _____ () C:\Users\Xavier\Downloads\Public Agent E142 - Marica.mp4
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 16:02 - 2014-05-30 16:00 - 1902750629 _____ () C:\Users\Xavier\Downloads\H宫帝王之妾720P韩语中字.mp4
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-27 06:29 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 20:07 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-05-26 20:07 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-26 20:06 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 20:05 - 2014-05-26 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-26 20:03 - 2014-05-26 20:03 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-26 19:22 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_

♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA

Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads

\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-21 18:04 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader

XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo

Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-13 16:33 - 2014-05-08 07:38 - 2205661922 _____ () C:\Users\Xavier\Downloads\0312-CESD-042.mkv
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 14:14 - 2014-05-15 09:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 14:11 - 2014-05-15 09:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 07:09 - 2014-05-09 07:09 - 43723586 _____ () C:\Users\Xavier\Downloads\IMG_0475.MOV
2014-05-09 07:06 - 2014-05-09 07:06 - 18943573 _____ () C:\Users\Xavier\Downloads\Esc1.mp4
2014-05-09 06:55 - 2014-05-09 06:55 - 17806141 _____ () C:\Users\Xavier\Downloads\girl.wmv
2014-05-09 06:38 - 2014-05-09 06:38 - 26870080 _____ () C:\Users\Xavier\Downloads\downblouse.mp4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-08 14:08

==================== End Of Log ============================

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello and :welcome:

 

Sorry for the delay

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:
 
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 

Link to post
Share on other sites
xavierwan

xavierwan

Posted
  • Author
Posted

Hi,

Thanks for your time and help

FYI, while waiting for your assistant i have use sw which was mention here and also others such as rkill, tdsskiller, ESET Online Scanner.

They have detected and quarantine some malwares, the multiple COM_Surrogate issue slowing down the PC seem to have improved but I still constantly get alert fro my McAfee that the Firewall has being turned off thus I am not sure if the issue has being resolved or it has went into hiding mode.

 

Mbam Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/6/2014
Scan Time: 7:10:44 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Xavier

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292945
Time Elapsed: 15 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

RogueKiller log

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Xavier [Admin rights]
Mode : Scan -- Date : 06/10/2014  19:49:52

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess] mcshield.exe -- [x] -> ERROR [12]

¤¤¤ Registry Entries : 22 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8888;https=127.0.0.1:8888  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2410269394-236509034-534361320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] aowsmlju.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 2531f6f063126ba542309fe26645f11d
[bSP] 48081e6a437bd5449e687366a06b2581 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 9918 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20457472 | Size: 266950 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 567171072 | Size: 200000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] 464c0913be10225d44a7fe17cb85f60f
[bSP] f6225436a928e9b2209beb4b66d5e096 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Seagate Portable USB Device +++++
--- User ---
[MBR] a54981ea7ae9ebe3f8ed859b685076d0
[bSP] 26af252a10ce5ebd6327e9957650db4c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] e9de1f7590e750cc3182c0612d071363
[bSP] b28bf549b66b6f32c881c3eaf2225cf8 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_06062014_172438.log - RKreport_SCN_06062014_172210.log

 

Thanks again

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

It's possible that the McAfee installation was somehow damaged but we'll go ahead and run some other scans and fixes and see if we can get you fixed up.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Link to post
Share on other sites
xavierwan

xavierwan

Posted
  • Author
Posted

Hi,

Step 4 JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Xavier on Wed 11/06/2014 at 19:29:06.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/06/2014 at 19:35:21.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Step 5 AdwCleaner log

# AdwCleaner v3.212 - Report created 11/06/2014 at 19:36:41
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Xavier - XAVIER-PC
# Running from : C:\Users\Xavier\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7601 octets] - [03/06/2014 08:52:26]
AdwCleaner[R10].txt - [1855 octets] - [06/06/2014 17:38:04]
AdwCleaner[R11].txt - [1976 octets] - [07/06/2014 20:46:14]
AdwCleaner[R12].txt - [2037 octets] - [09/06/2014 23:56:42]
AdwCleaner[R13].txt - [2102 octets] - [10/06/2014 17:19:47]
AdwCleaner[R14].txt - [2223 octets] - [10/06/2014 23:00:30]
AdwCleaner[R15].txt - [1122 octets] - [11/06/2014 19:36:41]
AdwCleaner[R1].txt - [1396 octets] - [03/06/2014 20:18:36]
AdwCleaner[R2].txt - [1139 octets] - [03/06/2014 20:44:09]
AdwCleaner[R3].txt - [1259 octets] - [04/06/2014 15:24:31]
AdwCleaner[R4].txt - [1320 octets] - [05/06/2014 06:56:01]
AdwCleaner[R5].txt - [1916 octets] - [06/06/2014 00:26:01]
AdwCleaner[R6].txt - [1976 octets] - [06/06/2014 00:34:13]
AdwCleaner[R7].txt - [1554 octets] - [06/06/2014 00:38:47]
AdwCleaner[R8].txt - [1614 octets] - [06/06/2014 00:54:48]
AdwCleaner[R9].txt - [1734 octets] - [06/06/2014 01:12:06]
AdwCleaner[s0].txt - [7559 octets] - [03/06/2014 08:53:18]
AdwCleaner[s1].txt - [1465 octets] - [03/06/2014 20:19:59]
AdwCleaner[s2].txt - [1201 octets] - [03/06/2014 20:44:57]
AdwCleaner[s3].txt - [2043 octets] - [06/06/2014 00:35:35]
AdwCleaner[s4].txt - [1675 octets] - [06/06/2014 00:55:22]
AdwCleaner[s5].txt - [1795 octets] - [06/06/2014 01:12:33]
AdwCleaner[s6].txt - [1916 octets] - [06/06/2014 17:39:00]
AdwCleaner[s7].txt - [2162 octets] - [10/06/2014 17:20:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R15].txt - [2203 octets] ##########
 

Step 6 Mbam log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2014
Scan Time: 7:32:12 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Xavier

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292426
Time Elapsed: 10 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Step 7 ESET scan log

C:\AdwCleaner\Quarantine\C\Users\Xavier\AppData\Roaming\OpenCandy\A699D028A1394B73949ECBC3DE0AB3CF\PCSU_SL_3.1.2.exe.vir    a variant of Win32/Speedchecker.A potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Xavier\Documents\PCSUUpdate.exe    a variant of Win32/Speedchecker.A potentially unwanted application
 

Step 8 FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
Ran by Xavier (administrator) on XAVIER-PC on 11-06-2014 19:49:55
Running from C:\Users\Xavier\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alipay Inc. ) C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
(Alipay Inc. ) C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936 2012-07-23] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-11] (SUPERAntiSpyware)
HKU\S-1-5-21-2410269394-236509034-534361320-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF4CE896E19ACE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll No File
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} https://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4_WOW64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16

FireFox:
========
FF ProfilePath: C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default
FF Homepage: https://www.google.com.sg/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll (Alipay.com Inc. )
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Xavier\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\aowsmlju.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-07-12]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-29]
CHR Extension: (RealDownloader) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-04]
CHR Extension: (FlashControl) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2012-03-30]
CHR Extension: (Google Wallet) - C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Xavier\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
R2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-10-04] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-05-01] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793088 2012-07-23] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 scskusbf; syswow64\drivers\scskusbf.sys [X]
S3 scskusbs; syswow64\drivers\scskusbs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 19:49 - 2014-06-11 19:49 - 05205915 _____ (Swearware) C:\Users\Xavier\Downloads\ComboFix(1).exe
2014-06-11 19:48 - 2014-06-11 19:49 - 00400384 _____ (Farbar) C:\Users\Xavier\Downloads\MiniToolBox.exe
2014-06-11 19:48 - 2014-06-11 19:48 - 02081792 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-11 19:35 - 2014-06-11 19:35 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-11 16:31 - 2014-06-11 16:31 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-11 00:29 - 2014-06-11 00:29 - 02347384 _____ (ESET) C:\Users\Xavier\Downloads\esetsmartinstaller_enu.exe
2014-06-11 00:23 - 2014-06-11 00:26 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST
2014-06-11 00:12 - 2014-06-11 00:17 - 139793520 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_10_17_25.exe
2014-06-10 23:55 - 2014-06-11 16:31 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-10 23:44 - 2014-06-10 23:48 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-06-10 23:44 - 2014-06-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-10 23:44 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-06-10 22:41 - 2014-06-10 22:41 - 00003596 _____ () C:\Users\Xavier\Desktop\RKreport_SCN_06102014_223913.log
2014-06-10 19:08 - 2014-06-10 19:08 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000907 _____ () C:\Users\Xavier\Desktop\ERUNT.lnk
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-10 19:01 - 2014-06-10 19:01 - 00791393 _____ (Lars Hederer ) C:\Users\Xavier\Downloads\erunt-setup.exe
2014-06-10 18:50 - 2014-06-10 18:51 - 00000163 _____ () C:\Users\Xavier\Downloads\ckfiles.txt
2014-06-10 18:34 - 2014-06-10 18:34 - 00468480 _____ () C:\Users\Xavier\Downloads\CKScanner.exe
2014-06-10 17:12 - 2014-06-10 17:12 - 00004242 _____ () C:\Users\Xavier\Desktop\do.txt
2014-06-10 07:52 - 2014-06-10 07:52 - 522374873 _____ () C:\Users\Xavier\Downloads\Dandy-001.flv
2014-06-10 07:43 - 2014-06-10 07:43 - 476634133 _____ () C:\Users\Xavier\Downloads\DVDES-352.rmvb
2014-06-09 07:39 - 2014-06-09 07:41 - 00028338 _____ () C:\Users\Xavier\Desktop\dds.txt
2014-06-09 07:39 - 2014-06-09 07:41 - 00014292 _____ () C:\Users\Xavier\Desktop\Attach.txt
2014-06-09 07:36 - 2014-06-09 07:36 - 00688992 ____R (Swearware) C:\Users\Xavier\Downloads\dds.com
2014-06-08 18:24 - 2014-06-08 18:24 - 00070878 _____ () C:\Users\Xavier\Desktop\FRST_Lastest.txt
2014-06-08 18:22 - 2014-06-10 18:04 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:36 - 2014-06-06 18:41 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:40 - 2014-06-06 16:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-10 19:06 - 00002216 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-06 00:24 - 2014-06-10 17:19 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-03 20:10 - 2014-06-03 20:13 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 17:56 - 2014-06-11 19:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:33 - 2014-06-05 07:02 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 17:30 - 2014-06-03 17:31 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 17:29 - 2014-06-11 19:50 - 00000000 ____D () C:\FRST
2014-06-03 17:29 - 2014-06-11 19:49 - 00026592 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:45 - 2014-06-10 17:49 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-03 08:43 - 2014-06-11 19:36 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 21:56 - 2014-06-02 00:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-01 17:48 - 2014-06-01 20:19 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 10:04 - 2014-06-01 10:06 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-06-01 08:26 - 2014-06-01 16:12 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-05-31 22:36 - 2014-05-31 22:39 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:09 - 2014-05-31 19:17 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:42 - 2014-05-31 18:52 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:42 - 2014-05-31 18:50 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:30 - 2014-05-31 18:43 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:30 - 2014-05-31 18:35 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:17 - 2014-05-31 18:21 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 18:12 - 2014-05-31 18:25 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:09 - 2014-05-31 18:26 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 16:15 - 2014-06-11 18:31 - 00486614 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 12:23 - 2014-05-31 13:16 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 08:57 - 2014-05-30 16:44 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 08:25 - 2014-05-30 18:41 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 19:57 - 2014-06-11 16:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-24 23:12 - 2014-05-24 23:13 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 08:31 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 08:31 - 2014-01-04 06:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-23 16:13 - 2014-05-24 21:13 - 00000000 ____D () C:\Windows\rescache
2014-05-23 08:49 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-23 08:49 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-23 08:49 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-23 08:49 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-23 08:49 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-23 08:49 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-23 08:49 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-23 08:49 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-23 08:49 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-23 08:49 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-23 08:49 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-23 08:42 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-23 08:42 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:41 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-20 06:41 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 09:53 - 2014-05-30 10:01 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:22 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:22 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:22 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:22 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:18 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 09:18 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 09:18 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 09:17 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 09:15 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 09:15 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 09:15 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 09:15 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 09:15 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 09:15 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 09:15 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 09:14 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 09:14 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 09:14 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 09:14 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 09:14 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 09:14 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 09:14 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:49 - 2014-04-01 00:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-14 23:49 - 2014-04-01 00:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip

==================== One Month Modified Files and Folders =======

2014-06-11 19:50 - 2014-06-03 17:29 - 00026592 _____ () C:\Users\Xavier\Downloads\FRST.txt
2014-06-11 19:50 - 2014-06-03 17:29 - 00000000 ____D () C:\FRST
2014-06-11 19:50 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Temp
2014-06-11 19:49 - 2014-06-11 19:49 - 05205915 _____ (Swearware) C:\Users\Xavier\Downloads\ComboFix(1).exe
2014-06-11 19:49 - 2014-06-11 19:48 - 00400384 _____ (Farbar) C:\Users\Xavier\Downloads\MiniToolBox.exe
2014-06-11 19:48 - 2014-06-11 19:48 - 02081792 _____ (Farbar) C:\Users\Xavier\Downloads\FRST64.exe
2014-06-11 19:48 - 2014-02-17 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\TaobaoProtect
2014-06-11 19:47 - 2010-11-26 08:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000UA.job
2014-06-11 19:36 - 2014-06-03 08:43 - 00000000 ____D () C:\AdwCleaner
2014-06-11 19:35 - 2014-06-11 19:35 - 00000634 _____ () C:\Users\Xavier\Desktop\JRT.txt
2014-06-11 19:34 - 2013-11-26 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 19:32 - 2014-06-03 17:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 19:10 - 2012-08-20 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:31 - 2014-05-31 16:15 - 00486614 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 16:42 - 2013-05-18 14:25 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\BitTorrent
2014-06-11 16:42 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 16:42 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 16:31 - 2014-06-11 16:31 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-11 16:31 - 2014-06-10 23:55 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2410269394-236509034-534361320-1000
2014-06-11 16:31 - 2012-09-02 09:38 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-06-11 16:31 - 2012-09-01 21:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-11 16:30 - 2014-05-26 19:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-06-11 16:30 - 2013-11-26 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 16:30 - 2013-10-01 21:53 - 00000000 ____D () C:\Program Files\McAfee
2014-06-11 16:30 - 2012-09-01 21:11 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-06-11 16:30 - 2010-06-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-11 16:30 - 2010-06-15 23:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-11 16:30 - 2010-06-15 23:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-11 16:30 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 07:56 - 2010-12-20 09:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 00:29 - 2014-06-11 00:29 - 02347384 _____ (ESET) C:\Users\Xavier\Downloads\esetsmartinstaller_enu.exe
2014-06-11 00:26 - 2014-06-11 00:23 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST
2014-06-11 00:21 - 2010-06-18 15:25 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 00:17 - 2014-06-11 00:12 - 139793520 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_10_17_25.exe
2014-06-10 23:54 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 23:48 - 2014-06-10 23:44 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-06-10 23:48 - 2014-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-10 22:41 - 2014-06-10 22:41 - 00003596 _____ () C:\Users\Xavier\Desktop\RKreport_SCN_06102014_223913.log
2014-06-10 22:22 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 19:08 - 2014-06-10 19:08 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000907 _____ () C:\Users\Xavier\Desktop\ERUNT.lnk
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 19:07 - 2014-06-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-10 19:06 - 2014-06-06 16:37 - 00002216 _____ () C:\Users\Xavier\Desktop\Rkill.txt
2014-06-10 19:01 - 2014-06-10 19:01 - 00791393 _____ (Lars Hederer ) C:\Users\Xavier\Downloads\erunt-setup.exe
2014-06-10 18:51 - 2014-06-10 18:50 - 00000163 _____ () C:\Users\Xavier\Downloads\ckfiles.txt
2014-06-10 18:34 - 2014-06-10 18:34 - 00468480 _____ () C:\Users\Xavier\Downloads\CKScanner.exe
2014-06-10 18:04 - 2014-06-08 18:22 - 00000000 ____D () C:\Users\Xavier\Downloads\FRST-OlderVersion
2014-06-10 17:49 - 2014-06-03 08:45 - 01016261 _____ (Thisisu) C:\Users\Xavier\Downloads\JRT.exe
2014-06-10 17:19 - 2014-06-06 00:24 - 01333465 _____ () C:\Users\Xavier\Downloads\AdwCleaner.exe
2014-06-10 17:12 - 2014-06-10 17:12 - 00004242 _____ () C:\Users\Xavier\Desktop\do.txt
2014-06-10 07:52 - 2014-06-10 07:52 - 522374873 _____ () C:\Users\Xavier\Downloads\Dandy-001.flv
2014-06-10 07:43 - 2014-06-10 07:43 - 476634133 _____ () C:\Users\Xavier\Downloads\DVDES-352.rmvb
2014-06-09 23:47 - 2010-11-26 08:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410269394-236509034-534361320-1000Core.job
2014-06-09 07:41 - 2014-06-09 07:39 - 00028338 _____ () C:\Users\Xavier\Desktop\dds.txt
2014-06-09 07:41 - 2014-06-09 07:39 - 00014292 _____ () C:\Users\Xavier\Desktop\Attach.txt
2014-06-09 07:36 - 2014-06-09 07:36 - 00688992 ____R (Swearware) C:\Users\Xavier\Downloads\dds.com
2014-06-08 18:24 - 2014-06-08 18:24 - 00070878 _____ () C:\Users\Xavier\Desktop\FRST_Lastest.txt
2014-06-06 18:54 - 2014-06-06 18:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 18:41 - 2014-06-06 18:36 - 139282600 _____ () C:\Users\Xavier\Downloads\setup_11.0.1.1245.x01_2014_06_06_13_25.exe
2014-06-06 17:50 - 2014-06-06 17:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 17:02 - 2014-06-06 17:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 17:00 - 2014-06-06 17:00 - 05245952 _____ () C:\Users\Xavier\Downloads\RogueKillerX64.exe
2014-06-06 16:41 - 2014-06-06 16:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-06-06 16:37 - 2014-06-06 16:37 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Xavier\Downloads\rkill.exe
2014-06-05 07:02 - 2014-06-03 17:33 - 00042427 _____ () C:\Users\Xavier\Downloads\Addition.txt
2014-06-03 20:13 - 2014-06-03 20:10 - 05558808 _____ () C:\Users\Xavier\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-06-03 17:53 - 2014-06-03 17:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:53 - 2010-12-06 09:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:52 - 2014-06-03 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Xavier\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 17:49 - 2014-06-03 17:49 - 00040179 _____ () C:\Users\Xavier\Desktop\Addition.txt
2014-06-03 17:31 - 2014-06-03 17:30 - 00000000 _____ () C:\Users\Xavier\Downloads\ComboFix.exe
2014-06-03 09:24 - 2010-08-04 07:32 - 00007595 _____ () C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg
2014-06-03 09:15 - 2014-06-03 09:15 - 00015412 _____ () C:\Users\Xavier\Documents\JRT.txt
2014-06-03 09:05 - 2014-06-03 09:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 08:16 - 2014-06-03 08:16 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Xavier\Downloads\tdsskiller.exe
2014-06-03 07:59 - 2014-06-03 07:59 - 00709260 _____ () C:\Users\Xavier\Downloads\delfix_10.7.exe
2014-06-03 07:25 - 2014-06-03 07:25 - 34523597 _____ () C:\Users\Xavier\Downloads\Hannah Lau.zip
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 23:43 - 2014-06-02 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 00:56 - 2014-06-01 21:56 - 00000952 _____ () C:\Users\Xavier\Downloads\MVI_1006.MOV
2014-06-02 00:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:40 - 2013-11-26 15:58 - 00000000 ____D () C:\Program Files\Google
2014-06-01 21:40 - 2013-11-26 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 20:19 - 2014-06-01 17:48 - 260091368 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part4.rar
2014-06-01 16:12 - 2014-06-01 08:26 - 471859200 _____ () C:\Users\Xavier\Downloads\hanshiyu20120206(L).part1.rar
2014-06-01 10:06 - 2014-06-01 10:04 - 77744735 _____ () C:\Users\Xavier\Downloads\2013JUL-1.rar
2014-05-31 22:39 - 2014-05-31 22:36 - 47302804 _____ () C:\Users\Xavier\Downloads\2009JAN-2.wmv
2014-05-31 19:17 - 2014-05-31 19:09 - 28058242 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-小琴實錄.rm
2014-05-31 18:52 - 2014-05-31 18:42 - 29819642 _____ () C:\Users\Xavier\Downloads\青岛小琴系列-相互调教.rmvb
2014-05-31 18:50 - 2014-05-31 18:42 - 02671422 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Cohabit fun.rm
2014-05-31 18:43 - 2014-05-31 18:30 - 37570179 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Black Sofa.rmvb
2014-05-31 18:35 - 2014-05-31 18:30 - 12412301 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Simple Sex Trade.rmvb
2014-05-31 18:26 - 2014-05-31 18:09 - 14726645 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - White Shirt.rm
2014-05-31 18:25 - 2014-05-31 18:12 - 00000000 ____D () C:\Users\Xavier\Downloads\HK20140530Dance
2014-05-31 18:21 - 2014-05-31 18:17 - 26191926 _____ () C:\Users\Xavier\Downloads\QingDaoXiaoQin - Xmas Afternoon.rmvb
2014-05-31 13:16 - 2014-05-31 12:23 - 00000000 ____D () C:\Users\Xavier\Downloads\Flower King
2014-05-31 13:15 - 2014-04-29 07:10 - 38258837 _____ () C:\Users\Xavier\Downloads\12345.rar
2014-05-31 12:42 - 2011-10-14 23:36 - 00000000 ____D () C:\Windows\pss
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2014-05-31 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-31 12:07 - 2010-06-19 14:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-31 10:54 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-31 10:54 - 2009-07-14 12:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-05-31 10:54 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-30 21:49 - 2014-05-30 21:49 - 00000044 _____ () C:\Users\Xavier\AppData\Roaming\WB.CFG
2014-05-30 18:41 - 2014-05-30 08:25 - 314572800 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part1.rar
2014-05-30 16:44 - 2014-05-30 08:57 - 69395464 _____ () C:\Users\Xavier\Downloads\yiruowa201110061Mov.part2.rar
2014-05-30 15:48 - 2014-05-30 15:48 - 01011183 _____ () C:\Users\Xavier\Downloads\Jasmine.flv
2014-05-30 10:01 - 2014-05-15 09:53 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-26 21:37 - 2014-05-26 21:37 - 09385933 _____ () C:\Users\Xavier\Downloads\Cute 4.mp4
2014-05-26 19:48 - 2014-05-26 19:48 - 05152368 _____ (McAfee, Inc.) C:\Users\Xavier\Downloads\McAfeeSetup.exe
2014-05-26 19:47 - 2010-06-16 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-26 19:43 - 2014-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-25 10:29 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-24 23:13 - 2014-05-24 23:12 - 117140028 _____ () C:\Users\Xavier\Downloads\▶ ♡ OOTD_ Monday _ Hello Ashely pink dress_ ♡ - YouTube [720p].mp4
2014-05-24 21:57 - 2010-06-18 15:25 - 00000000 ____D () C:\Users\Xavier
2014-05-24 21:13 - 2014-05-23 16:13 - 00000000 ____D () C:\Windows\rescache
2014-05-24 20:35 - 2009-07-14 10:34 - 79167488 _____ () C:\Windows\system32\config\software.rmbak
2014-05-24 20:35 - 2009-07-14 10:34 - 02097152 _____ () C:\Windows\system32\config\default.rmbak
2014-05-24 20:25 - 2014-05-24 20:25 - 00000000 ____D () C:\Roxio
2014-05-24 19:43 - 2014-04-20 15:21 - 00000000 ____D () C:\Users\Xavier\Downloads\Edited folder
2014-05-23 08:48 - 2012-06-03 13:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-23 08:48 - 2010-06-18 15:43 - 00000000 ____D () C:\Temp
2014-05-23 08:45 - 2012-06-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-22 19:27 - 2014-05-22 19:27 - 917441947 _____ () C:\Users\Xavier\Downloads\3D.Naked.Ambition.2014.720p.BDRip.x264.AAC.mkv
2014-05-22 17:18 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\stinger
2014-05-20 07:11 - 2014-05-20 07:11 - 00000000 ____D () C:\NVIDIA Corporation
2014-05-20 06:35 - 2014-05-20 06:35 - 25664616 _____ () C:\Users\Xavier\Downloads\IJC part 3.MOV
2014-05-20 06:34 - 2014-05-20 06:34 - 41654390 _____ () C:\Users\Xavier\Downloads\IJC part 2.MOV
2014-05-20 06:32 - 2014-05-20 06:32 - 25912627 _____ () C:\Users\Xavier\Downloads\IJC part 1.wmv
2014-05-17 09:29 - 2013-03-20 08:25 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:10 - 2013-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 00:49 - 2010-08-17 17:41 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\SoftGrid Client
2014-05-16 23:41 - 2014-05-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 17:31 - 2013-12-26 21:47 - 00014915 _____ () C:\Users\Xavier\Documents\My Toys.xlsx
2014-05-15 11:48 - 2012-08-20 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 11:48 - 2012-06-10 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 11:48 - 2012-06-10 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:45 - 2010-06-18 15:29 - 00000000 ___RD () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:39 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-15 11:25 - 2014-05-15 11:25 - 00000000 ____D () C:\Intel
2014-05-15 11:25 - 2010-06-16 15:16 - 00000000 ____D () C:\dell
2014-05-15 10:18 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Deployment
2014-05-15 09:53 - 2014-05-15 09:53 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\My Dell
2014-05-15 09:53 - 2014-05-15 09:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-05-15 09:53 - 2010-06-18 15:29 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Dell
2014-05-15 09:53 - 2010-06-16 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:52 - 2010-06-15 23:57 - 00000000 ____D () C:\ProgramData\Dell
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\PCDr
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-15 09:47 - 2014-05-15 09:47 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Apps\2.0
2014-05-15 09:43 - 2014-05-15 09:43 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Dell
2014-05-15 09:22 - 2013-07-12 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:50 - 2013-12-03 17:32 - 00000000 ____D () C:\Users\Xavier\AppData\Local\NVIDIA Corporation
2014-05-14 23:50 - 2012-06-03 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-14 23:45 - 2010-06-18 19:44 - 00000000 ____D () C:\Users\Xavier\Tracing
2014-05-13 22:48 - 2010-10-20 17:37 - 00000000 ____D () C:\Users\Xavier\AppData\Local\Windows Live
2014-05-13 22:44 - 2014-05-13 22:44 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-13 22:44 - 2014-05-13 22:44 - 00000000 ____D () C:\Windows\en
2014-05-13 22:44 - 2013-07-08 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-13 22:43 - 2013-07-08 16:13 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-13 22:43 - 2013-07-08 16:13 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-13 22:43 - 2010-10-20 17:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-13 22:42 - 2013-07-08 16:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-13 22:42 - 2010-06-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-12 07:48 - 2014-05-12 07:48 - 28994924 _____ () C:\Users\Xavier\Downloads\chunxiaoxi_nude.zip
2014-05-12 07:47 - 2014-05-12 07:47 - 30570623 _____ () C:\Users\Xavier\Downloads\JiaoJiao_nude.zip
2014-05-12 07:26 - 2014-06-03 17:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 17:53 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-12-06 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 14:08

==================== End Of Log ============================

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please go into your Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
STEP 1
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

STEP 2
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

STEP 3

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

 

 

 

Link to post
Share on other sites
  • 1 month later...
xavierwan

xavierwan

Posted
  • Author
Posted

Attached is as requested.

 

JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sat Jul 12 19:01:41 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.Found and removed: Applications\java.exeFound and removed: Applications\javaw.exeFound and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}Found and removed: Software\JavaSoft\Java UpdateFound and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FFFound and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467CFound and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkitFound and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-appletFound and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-fileFound and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\.jarFound and removed: SOFTWARE\Classes\.jnlpFound and removed: SOFTWARE\Classes\jarfileFound and removed: SOFTWARE\Classes\JavaWebStart.isInstalledFound and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0Found and removed: SOFTWARE\Classes\JNLPFileFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exeFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}Found and removed: SOFTWARE\JavaSoftFound and removed: SOFTWARE\JreMetricsFound and removed: SOFTWARE\MozillaPlugins------------------------------------Finished reporting.

 

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Great, At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

Link to post
Share on other sites
  • 1 month later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept