Malwarebytes fails to launch


tomming

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by User (administrator) on IDEA-PC on 22-09-2014 23:16:13
Running from C:\Users\User\Downloads\Programs
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Sogou.com Inc) C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Sogou.com Inc.) C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
() C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\KwMusic.exe
() C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\IESandBox.exe
() C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\KwService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CucusoftNetGuard] => [X]
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2013-08-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1240496 2014-04-18] (Shenzhen QVOD Technology Co.,Ltd)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [kwmusic] => C:\Program Files (x86)\kuwo\KWMUSIC2013\Kwmusic.exe [550784 2013-12-03] (酷我科技)
HKLM-x32\...\Run: [KwSing] => C:\Program Files (x86)\KWSING\KwSing.exe [59240 2013-07-01] (酷我科技)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1435672 2013-12-18] (Google Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [CucusoftNetGuard] => C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe [868352 2013-05-03] (Cucusoft, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-12] (Facebook Inc.)
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [imeGuardCom] => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe [368760 2014-06-26] (Sogou.com Inc.)
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [publgdnzsz] => wscript.exe //B "C:\Users\User\AppData\Local\Temp\publgdnzsz.vbs" <===== ATTENTION
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3812944 2013-10-04] (Tonec Inc.)
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [ctfmon] => C:\windows\system32\ctfmon.exe [10240 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\MountPoints2: {056969e0-6231-11e3-bea4-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\MountPoints2: {55f386f2-3a75-11e3-be90-48d224517984} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1256655842-410580317-310688142-1002\...\MountPoints2: {d767c28e-32c7-11e3-be8e-48d224517984} - "F:\AutoRun.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [245872 2013-03-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [201576 2013-03-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: AAADesktopTips -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(128).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com/?guid={63CD1A8A-D16C-422A-AED6-EE95F9AF5FAA}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={63CD1A8A-D16C-422A-AED6-EE95F9AF5FAA}
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {A4B6D0F1-C877-415B-AB3D-94945C27C722} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {A4B6D0F1-C877-415B-AB3D-94945C27C722} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {2E81EC6D-D286-468D-BABB-C1370AF4FEEA} URL = http://search.us.com/serp?guid={5CBC9D48-DCBD-42DC-A1E2-A701A2E127FC}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {009599E2-C967-499B-9AC2-FD4FAC442397} URL = http://search.us.com/serp?guid={63CD1A8A-D16C-422A-AED6-EE95F9AF5FAA}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {112AA371-D9F2-427E-BD4F-D9571DB7C857} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US714&p={SearchTerms}
SearchScopes: HKCU - {2E81EC6D-D286-468D-BABB-C1370AF4FEEA} URL = http://search.us.com/serp?guid={5CBC9D48-DCBD-42DC-A1E2-A701A2E127FC}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {4E243DC3-9CFA-47DF-B7B4-878658FF9422} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
SearchScopes: HKCU - {A4B6D0F1-C877-415B-AB3D-94945C27C722} URL =
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=58051076_oem_dg&ch=33
BHO: ѸÀ×ÏÂÔØÖ§³Ö -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.24.4804.dll (深圳市迅雷网络技术有限公司)
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: 01364FAD-8F08-6346-C046-33BF7DD5A631 Class -> {01364FAD-8F08-6346-C046-33BF7DD5A631} -> C:\Program Files (x86)\QvodPlayer\AddIn\{01364FAD-8F08-6346-C046-33BF7DD5A631}\QvodAddr.dll ()
BHO-x32: 搜狗输入法地址栏搜索 -> {0C3ED74B-8703-4003-A1F4-2B2A0C450DD2} -> C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddr.dll (Sogou.com Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.8.4550.dll No File
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll (Xmlbar.com)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3wwhio6d.default-1410645878620
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(720).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3wwhio6d.default-1410645878620\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: IDM CC - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3wwhio6d.default-1410645878620\Extensions\mozilla_cc@internetdownloadmanager.com [2014-09-15]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-09-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-08-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-09-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-09-19]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2013-12-10]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default -> 5D04CAAC58349F85BF48881A0E52D08CFD79E60991EC615D362C52A342F1B28B
CHR DefaultSearchKeyword: Default -> 83B03DA3503352087357D5AF7A171C35CCDD987A7AA96D68D69A6AD91A58ECA9
CHR DefaultSearchURL: Default -> C341E238DE03410C59F1E290FE5B93BC89779337AF55313088F3684480DCA355
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (xl_chrome_plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.2_0\xl_chrome.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Thunder DapCtrl NPAPI Plugin) - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(130).dll No File
CHR Plugin: (XunLei User Plugin) - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (kwcheck-plugin) - C:\Program Files (x86)\Kuaiwan\npKWCheck.dll No File
CHR Plugin: (mozilla-kw-flashgame-plugin) - C:\Program Files (x86)\Kuaiwan\npKWFlashGame.dll No File
CHR Plugin: (mozilla-kwwebgame-plugin) - C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR Plugin: (QvodInsert) - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR Plugin: (QvodShareModule) - C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (XunLei Plugin) - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (PPS Browser Plugin) - D:\PPS.tv\PPStream\nppps.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (ThunderLixianAssistant) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehlmkfpnagoieibahhcghphdbjcdmen [2014-07-26]
CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-09-25]
CHR Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-08-07]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Unblock Youku) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-10-04]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2013-08-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows ® Win 7 DDK provider)
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 CS_BandwidthGuard; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys [223392 2013-03-24] (Cucusoft, Inc.)
R2 CS_BandwidthGuard64; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys [292000 2013-03-24] (Cucusoft, Inc.)
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-03-24] (Cucusoft, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-24] (ELAN Microelectronics Corp.)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [754712 2013-12-18] (Google Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-05] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-27] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 OmniAddrService; C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe [154352 2014-07-10] (Sogou.com Inc)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-07-22] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]
S3 KMSServerService; C:\windows\system32\kms.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-06-20] (AnchorFree Inc.)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2014-08-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 Nbdrv; \SystemRoot\system32\DRIVERS\nbdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 23:15 - 2014-09-22 23:16 - 00000000 ____D () C:\FRST
2014-09-22 22:35 - 2014-09-22 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-22 07:29 - 2014-09-22 07:30 - 00000000 ____D () C:\Users\User\Desktop\metodology
2014-09-21 23:40 - 2014-09-21 23:41 - 00291592 _____ () C:\windows\Minidump\092114-23140-01.dmp
2014-09-21 23:29 - 2014-09-21 23:30 - 190109429 _____ () C:\Users\User\Documents\st.rar
2014-09-21 13:31 - 2014-09-21 13:31 - 00000000 ____D () C:\Users\User\Documents\animation
2014-09-21 00:01 - 2014-09-21 00:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-20 23:24 - 2014-09-20 23:24 - 00001258 _____ () C:\Users\User\Desktop\158上网助手.lnk
2014-09-20 17:58 - 2014-09-20 18:01 - 117733531 _____ () C:\Users\User\Documents\fin.rar
2014-09-20 13:29 - 2014-09-20 13:29 - 33741968 _____ () C:\Users\User\Documents\meww.rar
2014-09-20 12:40 - 2014-09-20 12:40 - 49165526 _____ () C:\Users\User\Documents\kk.rar
2014-09-17 13:21 - 2014-09-17 13:21 - 00059307 _____ () C:\Users\User\ia_remove.sh8656.tmp
2014-09-17 13:21 - 2014-09-17 13:21 - 00000000 _____ () C:\Users\User\Maple_9.5_InstallLog.log
2014-09-17 13:18 - 2014-09-17 13:21 - 00000000 ___HD () C:\Users\User\Zero G Registry
2014-09-17 13:18 - 2014-09-17 13:18 - 00000016 _____ () C:\Users\User\persistent_state
2014-09-16 14:48 - 2014-09-16 14:48 - 00000000 ____D () C:\Users\User\AppData\Local\RescueTime.com
2014-09-16 14:47 - 2014-09-16 14:48 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2014-09-16 14:47 - 2014-09-16 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
2014-09-13 20:56 - 2014-09-13 20:56 - 00000947 _____ () C:\Users\User\Desktop\EasyToon 1.9.9 EN FINAL.lnk
2014-09-13 20:56 - 2014-09-13 20:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyToon 1.9.9 EN FINAL
2014-09-13 20:56 - 2014-09-13 20:56 - 00000000 ____D () C:\Program Files\EasyToon 1.9.9 EN FINAL
2014-09-13 18:26 - 2014-09-13 18:27 - 129606271 _____ () C:\Users\User\Documents\anevolley.rar
2014-09-13 14:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-13 14:15 - 2014-09-22 22:37 - 00000000 ____D () C:\AdwCleaner
2014-09-09 13:44 - 2014-09-09 13:44 - 00000000 ___HD () C:\Users\User\.git
2014-09-04 05:03 - 2014-09-04 05:11 - 1343747975 _____ () C:\Users\User\Documents\put.rar
2014-09-04 05:03 - 2014-09-04 05:03 - 39387700 _____ () C:\Users\User\Documents\da.rar
2014-09-02 03:14 - 2014-09-02 03:16 - 316782742 _____ () C:\Users\User\Documents\s.rar
2014-08-27 02:40 - 2014-08-27 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-08-27 02:39 - 2014-08-27 02:40 - 00000000 ____D () C:\Program Files (x86)\Git
2014-08-23 20:59 - 2014-09-17 13:20 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-23 20:59 - 2014-09-17 13:20 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-23 20:59 - 2014-09-17 13:20 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-23 20:59 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-23 20:58 - 2014-09-20 07:48 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-23 20:58 - 2014-09-20 07:48 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-23 20:58 - 2014-09-20 07:48 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-23 20:58 - 2014-09-20 07:48 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 23:16 - 2014-09-22 23:15 - 00000000 ____D () C:\FRST
2014-09-22 23:16 - 2013-07-22 20:25 - 01274944 _____ () C:\windows\WindowsUpdate.log
2014-09-22 23:13 - 2013-09-12 08:08 - 00000940 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1256655842-410580317-310688142-1002UA.job
2014-09-22 23:10 - 2013-09-23 16:03 - 00000000 ____D () C:\ProgramData\mcache
2014-09-22 23:06 - 2013-08-16 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-09-22 22:52 - 2013-08-07 15:57 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 22:37 - 2014-09-13 14:15 - 00000000 ____D () C:\AdwCleaner
2014-09-22 22:35 - 2014-09-22 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-22 22:35 - 2014-05-30 13:43 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-09-22 22:31 - 2013-09-28 12:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\DMCache
2014-09-22 22:29 - 2013-08-07 15:57 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 22:29 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-22 22:27 - 2013-08-07 22:04 - 37307318 _____ () C:\Users\Public\CAFADEBUG.log
2014-09-22 22:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-22 21:21 - 2014-08-07 05:13 - 00000000 ____D () C:\Users\User\Documents\wengkin
2014-09-22 21:10 - 2014-07-26 04:02 - 00000000 __SHD () C:\Users\User\wc
2014-09-22 20:14 - 2013-08-21 23:28 - 00000000 ____D () C:\Users\User\Documents\document
2014-09-22 19:34 - 2012-07-26 00:28 - 00900104 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-22 19:28 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-22 07:30 - 2014-09-22 07:29 - 00000000 ____D () C:\Users\User\Desktop\metodology
2014-09-21 23:41 - 2014-09-21 23:40 - 00291592 _____ () C:\windows\Minidump\092114-23140-01.dmp
2014-09-21 23:40 - 2013-10-21 23:26 - 700474815 _____ () C:\windows\MEMORY.DMP
2014-09-21 23:40 - 2013-10-21 23:26 - 00000000 ____D () C:\windows\Minidump
2014-09-21 23:30 - 2014-09-21 23:29 - 190109429 _____ () C:\Users\User\Documents\st.rar
2014-09-21 23:21 - 2013-08-07 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-21 23:20 - 2013-08-15 00:58 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-09-21 22:34 - 2013-08-15 04:59 - 00000954 _____ () C:\Users\User\AppData\Roaming\coreavc.ini
2014-09-21 15:02 - 2014-01-18 00:00 - 00000000 ____D () C:\Users\User\Downloads\Video
2014-09-21 14:53 - 2013-08-07 15:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Atheros
2014-09-21 13:31 - 2014-09-21 13:31 - 00000000 ____D () C:\Users\User\Documents\animation
2014-09-21 13:31 - 2013-08-07 15:52 - 00000000 ____D () C:\Users\User\Documents\Bluetooth Folder
2014-09-21 00:41 - 2013-08-11 09:14 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1256655842-410580317-310688142-1002
2014-09-21 00:01 - 2014-09-21 00:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-20 23:24 - 2014-09-20 23:24 - 00001258 _____ () C:\Users\User\Desktop\158上网助手.lnk
2014-09-20 23:14 - 2014-01-20 17:51 - 00000000 ____D () C:\Users\User\Downloads\Compressed
2014-09-20 18:01 - 2014-09-20 17:58 - 117733531 _____ () C:\Users\User\Documents\fin.rar
2014-09-20 13:29 - 2014-09-20 13:29 - 33741968 _____ () C:\Users\User\Documents\meww.rar
2014-09-20 12:40 - 2014-09-20 12:40 - 49165526 _____ () C:\Users\User\Documents\kk.rar
2014-09-20 07:50 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-09-20 07:49 - 2014-07-11 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-20 07:49 - 2013-03-25 14:02 - 00118838 _____ () C:\windows\PFRO.log
2014-09-20 07:48 - 2014-08-23 20:58 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-20 07:48 - 2014-08-23 20:58 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-20 07:48 - 2014-08-23 20:58 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-20 07:48 - 2014-08-23 20:58 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-20 07:48 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-20 07:48 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-09-19 15:49 - 2014-07-11 17:48 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-09-19 14:55 - 2014-04-06 06:42 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 13:21 - 2014-09-17 13:21 - 00059307 _____ () C:\Users\User\ia_remove.sh8656.tmp
2014-09-17 13:21 - 2014-09-17 13:21 - 00000000 _____ () C:\Users\User\Maple_9.5_InstallLog.log
2014-09-17 13:21 - 2014-09-17 13:18 - 00000000 ___HD () C:\Users\User\Zero G Registry
2014-09-17 13:20 - 2014-08-23 20:59 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-17 13:20 - 2014-08-23 20:59 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-17 13:20 - 2014-08-23 20:59 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-17 13:18 - 2014-09-17 13:18 - 00000016 _____ () C:\Users\User\persistent_state
2014-09-16 14:48 - 2014-09-16 14:48 - 00000000 ____D () C:\Users\User\AppData\Local\RescueTime.com
2014-09-16 14:48 - 2014-09-16 14:47 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2014-09-16 14:47 - 2014-09-16 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
2014-09-13 20:56 - 2014-09-13 20:56 - 00000947 _____ () C:\Users\User\Desktop\EasyToon 1.9.9 EN FINAL.lnk
2014-09-13 20:56 - 2014-09-13 20:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyToon 1.9.9 EN FINAL
2014-09-13 20:56 - 2014-09-13 20:56 - 00000000 ____D () C:\Program Files\EasyToon 1.9.9 EN FINAL
2014-09-13 18:27 - 2014-09-13 18:26 - 129606271 _____ () C:\Users\User\Documents\anevolley.rar
2014-09-13 15:04 - 2013-12-05 18:39 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2014-09-11 18:56 - 2013-12-06 00:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-11 17:19 - 2013-12-06 00:57 - 00001077 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-11 17:19 - 2013-12-06 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-11 17:15 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Resources
2014-09-10 09:02 - 2013-08-07 15:59 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-09-09 13:44 - 2014-09-09 13:44 - 00000000 ___HD () C:\Users\User\.git
2014-09-09 12:32 - 2013-10-20 10:25 - 00000000 ____D () C:\Users\User\Documents\eclipse_1
2014-09-09 08:13 - 2013-09-12 08:08 - 00000918 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1256655842-410580317-310688142-1002Core.job
2014-09-04 05:11 - 2014-09-04 05:03 - 1343747975 _____ () C:\Users\User\Documents\put.rar
2014-09-04 05:03 - 2014-09-04 05:03 - 39387700 _____ () C:\Users\User\Documents\da.rar
2014-09-02 03:16 - 2014-09-02 03:14 - 316782742 _____ () C:\Users\User\Documents\s.rar
2014-09-02 02:49 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-08-27 02:40 - 2014-08-27 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-08-27 02:40 - 2014-08-27 02:39 - 00000000 ____D () C:\Program Files (x86)\Git

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\84ppnzij.dll
C:\Users\User\AppData\Local\Temp\AcDeltree.exe
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\down.7280.ext_setup.exe
C:\Users\User\AppData\Local\Temp\htmlayout.dll
C:\Users\User\AppData\Local\Temp\k_ct_85n.dll
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\PidGenX.dll
C:\Users\User\AppData\Local\Temp\QvodSetup5.14.142.20130804fix.exe
C:\Users\User\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_6PVPD-CNWDQ-G734C-DG7BM-VQTXK_act_1_.exe
C:\Users\User\AppData\Local\Temp\sogou_pinyin_7.1.0.1870_up_5.exe
C:\Users\User\AppData\Local\Temp\Tsu625A01AF.dll
C:\Users\User\AppData\Local\Temp\Tsu662AD671.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 14:47

==================== End Of Log ============================

Addition.txt

  • 4 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.