Browsers (Firefox, Chrome & IE) hijacked by hao123

hao123 homepage hijacker


#1
eys12345
Member, 14 posts

Hi

All my browsers are being hijacked by Hao123 and my PC's startup (Windows 8) has become so much slower than before. I've tried tonnes of malware removers / anti-spyware that I could google but it just wouldn't work. Hopefully this can be solved through this forum and I wanna thank you for taking your time helping me out.

OTL scan as below:

OTL logfile created on: 12/4/2014 1:55:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SiewYun\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.59% Memory free
6.00 Gb Paging File | 3.64 Gb Available in Paging File | 60.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.61 Gb Total Space | 715.33 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
Drive F: | 496.00 Mb Total Space | 446.02 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive X: | 350.00 Mb Total Space | 49.91 Mb Free Space | 14.26% Space Free | Partition Type: NTFS
Drive Y: | 8.43 Gb Total Space | 0.23 Gb Free Space | 2.75% Space Free | Partition Type: NTFS
 
Computer Name: DAVID_LING | User Name: SiewYun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/04 01:54:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SiewYun\Downloads\OTL.exe
PRC - [2014/11/26 10:59:09 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
PRC - [2014/11/15 14:18:34 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 21:49:18 | 001,112,936 | ---- | M] (S p i g o t, I n c.) -- C:\Users\SiewYun\AppData\Roaming\Search Protection\SP.EXE
PRC - [2014/11/11 10:57:17 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/22 17:58:55 | 000,081,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
PRC - [2014/09/19 04:02:14 | 001,924,328 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2014/09/12 17:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/03 10:56:10 | 000,493,288 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2014/07/03 10:54:34 | 004,167,912 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2014/06/17 21:31:34 | 000,662,184 | ---- | M] (AdTrustMedia) -- C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe
PRC - [2013/11/02 14:01:12 | 002,346,664 | ---- | M] (Docudesk Corporation) -- C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
PRC - [2013/08/22 12:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/02 09:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/02 09:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/07/20 02:00:54 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/20 02:00:52 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/20 02:00:28 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/19 17:17:30 | 000,077,824 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2006/06/19 11:20:56 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Anti-Hijacker\AntiHijacker 1.21.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/26 10:59:08 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
MOD - [2014/11/15 14:20:07 | 000,316,576 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/11/11 10:57:17 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/07/31 06:37:26 | 001,906,464 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2014/04/22 08:52:06 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll
MOD - [2014/04/22 08:51:51 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\9c4f822bba2bf1b87fb97747d296f232\IAStorCommon.ni.dll
MOD - [2014/04/22 08:44:57 | 000,043,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\9c87f327866f53aec68d4fee40cde33d\Accessibility.ni.dll
MOD - [2014/01/27 19:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2012/11/26 13:19:28 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/11/26 13:19:20 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2006/06/19 11:20:56 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Anti-Hijacker\AntiHijacker 1.21.EXE
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/31 12:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/10/15 13:37:16 | 000,707,888 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/10/07 09:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 11:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 11:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 11:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 08:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 08:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 15:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/14 14:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 13:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 15:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 23:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 17:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 17:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 17:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 17:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/12/10 15:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/22 19:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 19:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 19:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 19:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 19:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 18:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 18:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 17:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 17:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 17:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 17:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 17:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 17:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 17:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 17:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/06/20 10:10:34 | 000,634,632 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/18 09:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/11/26 10:59:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/19 04:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/11 10:57:17 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/19 04:02:14 | 001,924,328 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2014/09/12 17:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/16 11:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 14:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/22 11:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 10:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/02 09:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/20 02:00:54 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/20 02:00:52 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/20 02:00:28 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/06/19 17:17:30 | 000,077,824 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/10 09:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 11:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 11:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 10:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2014/08/21 12:30:50 | 000,261,496 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2014/08/15 08:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/29 12:47:31 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/07/28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/24 23:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 23:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 19:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/07/16 11:44:48 | 000,045,248 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys -- (iSafeKrnlBoot)
DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2014/07/10 14:08:36 | 000,107,080 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2014/07/10 14:08:36 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2014/05/01 21:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/20 11:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 20:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/09 04:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/23 00:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 23:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 23:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 23:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 23:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 20:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/11/15 14:05:49 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/11 10:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 19:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 09:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/03 23:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/30 12:09:39 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/30 11:58:20 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 17:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 17:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 21:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 21:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 20:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 20:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 20:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 20:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 20:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 20:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 20:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 20:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 20:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 20:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 20:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 20:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 20:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 20:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 20:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 20:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 20:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 20:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 20:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 20:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 20:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 20:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 20:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 20:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 20:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 20:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 20:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 19:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 19:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 19:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 19:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 19:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 19:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 19:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 19:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 19:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 19:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 19:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 19:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 19:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 19:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 19:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 19:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 19:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 19:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 19:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 19:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 19:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 16:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 07:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 08:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 02:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/26 03:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/18 22:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/06/18 22:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/05/03 14:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/01/25 10:12:08 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2012/10/27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 23:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{FBDA77BE-6BBE-4B77-84E8-9DFDDDDBC313}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{FBDA77BE-6BBE-4B77-84E8-9DFDDDDBC313}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {7F84046E-812F-48EE-92B4-D8E52B87043C}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{7F84046E-812F-48EE-92B4-D8E52B87043C}: "URL" = http://www.baidu.com...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "百度"
FF - prefs.js..browser.search.selectedEngine: "百度"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "http://www.baidu.com...=dealio_dg&wd="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npBdyyPlugin: C:\Program Files (x86)\baidu\BaiduPlayer\3.9.3.12\npbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\WINDOWS\Downloaded Program Files\23100656\npxbdsetup.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@rooms.hp.com: C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xigua.com/npxgax: C:\Program Files (x86)\xigua\2.7.0.32\npxgax.dll ()
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/24 17:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/24 17:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\y57zhh5c.default-1406574551022\extensions
 
[2013/05/03 12:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiewYun\AppData\Roaming\mozilla\Extensions
[2014/12/04 00:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiewYun\AppData\Roaming\mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions
[2014/12/04 00:34:21 | 000,003,936 | ---- | M] () -- C:\Users\SiewYun\AppData\Roaming\mozilla\firefox\profiles\or5vfbda.default-1417434209467\searchplugins\baidu.xml
[2014/07/31 10:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/11 10:57:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\SIEWYUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OR5VFBDA.DEFAULT-1417434209467\EXTENSIONS\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.8.0.18_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/07/28 18:30:41 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll (AdTrustMedia)
O2 - BHO: (XGBHOer Class) - {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} - C:\Users\Public\Documents\xbho.dll File not found
O2 - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] "C:\ProgramData\cis2425.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PrivDogService] C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe (AdTrustMedia)
O4 - HKCU..\Run: [deskPDF Creator] C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe (Docudesk Corporation)
O4 - HKCU..\Run: [ImeGuardCom] C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.26\SGImeGuard.exe (Sogou.com Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Users\SiewYun\AppData\Roaming\Search Protection\SP.EXE (S p i g o t, I n c.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\SiewYun\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll (AdTrustMedia)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCE1} https://www2.pbebank...l/csoex_pbb.cab (Reg Error: Key error.)
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB113} https://www2.pbebank...ntrol/csw25.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D15997B-593F-4A02-9F34-B784C626F4D7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{262B4134-B3A8-4D1B-B17B-9EDC0D33CFE5}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/28 20:09:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{700cf3ce-bca8-11e2-be6f-a41f72692a0f}\Shell - "" = AutoRun
O33 - MountPoints2\{700cf3ce-bca8-11e2-be6f-a41f72692a0f}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/04 01:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/12/03 21:24:18 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\AppData\Roaming\Search Protection
[2014/12/03 21:23:46 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\AppData\Roaming\IObit
[2014/12/03 21:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/12/03 21:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/12/03 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Hijacker
[2014/12/01 02:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
[2014/11/29 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\Desktop\ryan
[2014/11/27 17:06:28 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\AppData\Roaming\deskPDF Editor
[2014/11/27 17:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
[2014/11/27 17:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Docudesk
[2014/11/22 11:49:01 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
[2014/11/21 19:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2014/11/21 18:50:08 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\AppData\Roaming\LavasoftStatistics
[2014/11/21 18:49:44 | 000,358,736 | ---- | C] (Lavasoft Limited) -- C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[2014/11/21 18:49:43 | 000,312,424 | ---- | C] (Lavasoft Limited) -- C:\WINDOWS\SysWow64\LavasoftTcpService.dll
[2014/11/21 18:48:40 | 000,000,000 | ---D | C] -- C:\Users\SiewYun\AppData\Roaming\Lavasoft
[2014/11/21 18:47:37 | 002,084,072 | ---- | C] (Bitdefender) -- C:\WINDOWS\SysNative\bdnc.dll
[2014/11/21 18:47:28 | 001,061,776 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\SysNative\bdsmtpp.dll
[2014/11/21 18:47:28 | 000,209,984 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\BdFirewallSDK.dll
[2014/11/21 18:47:28 | 000,195,016 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\httproxy.dll
[2014/11/21 18:47:28 | 000,155,912 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\SysNative\bdpop3p.dll
[2014/11/21 18:47:28 | 000,122,928 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\OEMbdpredir.dll
[2014/11/21 18:47:28 | 000,096,160 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\bdpredir.dll
[2014/11/21 18:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/11/21 18:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/11/21 18:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/11/21 18:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/04 01:48:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA.job
[2014/12/04 01:23:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/04 00:59:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/12/04 00:22:16 | 000,000,046 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/12/03 21:08:41 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/03 21:08:41 | 000,731,446 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/03 21:08:41 | 000,136,056 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/12/03 21:04:35 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/03 21:04:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/03 21:03:37 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/12/03 21:02:32 | 3328,241,664 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/03 21:02:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/03 20:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core.job
[2014/12/03 20:23:27 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/03 11:38:11 | 000,381,200 | ---- | M] () -- C:\Users\SiewYun\Desktop\vo fong form 49 2014.pdf
[2014/12/02 22:02:57 | 000,001,042 | ---- | M] () -- C:\Users\SiewYun\AppData\Roaming\coreavc.ini
[2014/12/01 02:48:36 | 001,474,832 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\sfi.dat
[2014/11/27 15:35:59 | 000,572,823 | ---- | M] () -- C:\Users\SiewYun\Desktop\vo fong mgmt acc as at July 2014.pdf
[2014/11/27 10:24:22 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/26 11:49:30 | 000,372,520 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/23 19:01:17 | 000,001,401 | ---- | M] () -- C:\Users\SiewYun\Desktop\Chromecast.lnk
[2014/11/21 18:49:46 | 000,004,688 | ---- | M] () -- C:\WINDOWS\SysWow64\LavasoftTcpService.ini
[2014/11/21 18:49:46 | 000,002,520 | ---- | M] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2014/11/21 18:49:46 | 000,002,520 | ---- | M] () -- C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[2014/11/21 18:46:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/20 15:07:45 | 001,735,895 | ---- | M] () -- C:\Users\SiewYun\Desktop\vo fong dir IC-2.pdf
[2014/11/20 15:04:40 | 001,762,779 | ---- | M] () -- C:\Users\SiewYun\Desktop\vo fong dir IC-1.pdf
[2014/11/13 18:42:50 | 000,358,736 | ---- | M] (Lavasoft Limited) -- C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[2014/11/13 18:42:46 | 000,312,424 | ---- | M] (Lavasoft Limited) -- C:\WINDOWS\SysWow64\LavasoftTcpService.dll
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/04 00:22:16 | 000,000,046 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/12/03 11:38:11 | 000,381,200 | ---- | C] () -- C:\Users\SiewYun\Desktop\vo fong form 49 2014.pdf
[2014/11/27 17:05:22 | 000,081,608 | ---- | C] () -- C:\WINDOWS\SysNative\ddcvt4.exe
[2014/11/27 17:05:22 | 000,057,032 | ---- | C] () -- C:\WINDOWS\SysNative\desksc.exe
[2014/11/27 17:05:22 | 000,035,944 | ---- | C] () -- C:\WINDOWS\SysNative\ddmon4-64x.dll
[2014/11/27 17:04:50 | 000,081,608 | ---- | C] () -- C:\WINDOWS\SysWow64\ddcvt4.exe
[2014/11/27 17:04:50 | 000,057,032 | ---- | C] () -- C:\WINDOWS\SysWow64\desksc.exe
[2014/11/27 15:35:58 | 000,572,823 | ---- | C] () -- C:\Users\SiewYun\Desktop\vo fong mgmt acc as at July 2014.pdf
[2014/11/24 01:15:03 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/21 18:49:46 | 000,004,688 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpService.ini
[2014/11/21 18:49:46 | 000,002,520 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2014/11/21 18:49:46 | 000,002,520 | ---- | C] () -- C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[2014/11/21 18:47:28 | 000,156,936 | ---- | C] () -- C:\WINDOWS\SysNative\bdfwcore.dll
[2014/11/21 18:47:06 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/11/21 18:46:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/20 15:07:44 | 001,735,895 | ---- | C] () -- C:\Users\SiewYun\Desktop\vo fong dir IC-2.pdf
[2014/11/20 15:04:38 | 001,762,779 | ---- | C] () -- C:\Users\SiewYun\Desktop\vo fong dir IC-1.pdf
[2014/07/29 11:49:07 | 000,000,102 | ---- | C] () -- C:\WINDOWS\K7TSUsrInfo.dat
[2014/07/29 11:34:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/07/28 18:05:19 | 000,000,305 | ---- | C] () -- C:\WINDOWS\SysWow64\bdsecushr.dat
[2014/04/18 07:07:17 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 22:48:45 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/11/14 22:27:45 | 000,000,258 | RHS- | C] () -- C:\Users\SiewYun\ntuser.pol
[2013/11/06 19:42:13 | 000,000,000 | ---- | C] () -- C:\Users\SiewYun\.gtk-bookmarks
[2013/11/06 19:41:09 | 000,656,372 | ---- | C] () -- C:\Users\SiewYun\.fonts.cache-1
[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 23:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 23:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 23:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 22:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 15:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 11:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 07:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 07:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/19 15:55:32 | 000,007,605 | ---- | C] () -- C:\Users\SiewYun\AppData\Local\Resmon.ResmonCfg
[2013/05/07 17:58:31 | 000,001,042 | ---- | C] () -- C:\Users\SiewYun\AppData\Roaming\coreavc.ini
[2013/05/03 23:57:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/27 13:40:36 | 000,880,342 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2013/11/15 19:46:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 08:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/31 06:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 17:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 10:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 17:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/16 09:40:18 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\AnvSoft
[2014/05/16 10:29:48 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\AppRevels.com
[2014/07/28 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\BindIconDir
[2014/11/27 17:10:59 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\deskPDF Editor
[2014/12/03 21:23:46 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\IObit
[2014/07/28 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\kingsoft
[2014/01/15 00:55:05 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\Octoshape
[2014/07/16 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\PCDr
[2013/11/22 22:12:28 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\PPStream
[2014/12/03 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\Search Protection
[2014/05/16 10:17:32 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\tiger-k
[2014/06/11 16:27:50 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\Windows Live Writer
[2014/05/30 15:44:26 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\Wondershare Video Converter Ultimate
[2014/05/16 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\Xilisoft
[2014/05/30 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\SiewYun\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/10/31 01:35:32 | 000,276,958 | ---- | M] ()(C:\Users\SiewYun\Documents\????????19????? - NextTrip.my.htm) -- C:\Users\SiewYun\Documents\一辈子一定要去的19个绝美小镇 - NextTrip.my.htm
[2014/10/31 01:35:32 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\????????19????? - NextTrip.my_files) -- C:\Users\SiewYun\Documents\一辈子一定要去的19个绝美小镇 - NextTrip.my_files
[2014/10/31 01:35:27 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\????????19????? - NextTrip.my_files) -- C:\Users\SiewYun\Documents\一辈子一定要去的19个绝美小镇 - NextTrip.my_files
[2014/10/31 01:35:26 | 000,276,958 | ---- | C] ()(C:\Users\SiewYun\Documents\????????19????? - NextTrip.my.htm) -- C:\Users\SiewYun\Documents\一辈子一定要去的19个绝美小镇 - NextTrip.my.htm
[2014/10/25 21:45:10 | 000,077,264 | ---- | M] ()(C:\Users\SiewYun\Documents\??????,??????!????????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\不必花一分錢,就可測十種病!可惜沒幾個人知道! _ Giga Circle.htm
[2014/10/25 21:45:10 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??????,??????!????????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\不必花一分錢,就可測十種病!可惜沒幾個人知道! _ Giga Circle_files
[2014/10/25 21:45:09 | 000,077,264 | ---- | C] ()(C:\Users\SiewYun\Documents\??????,??????!????????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\不必花一分錢,就可測十種病!可惜沒幾個人知道! _ Giga Circle.htm
[2014/10/25 21:45:09 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??????,??????!????????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\不必花一分錢,就可測十種病!可惜沒幾個人知道! _ Giga Circle_files
[2014/10/11 00:30:12 | 000,062,616 | ---- | M] ()(C:\Users\SiewYun\Documents\16????????????,???????????????????????? - boMb01.htm) -- C:\Users\SiewYun\Documents\16個實際發生在法庭上的對話,這些對話都讓法庭上的人因忍笑而經歷了不少的痛苦。 - boMb01.htm
[2014/10/11 00:30:10 | 000,062,616 | ---- | C] ()(C:\Users\SiewYun\Documents\16????????????,???????????????????????? - boMb01.htm) -- C:\Users\SiewYun\Documents\16個實際發生在法庭上的對話,這些對話都讓法庭上的人因忍笑而經歷了不少的痛苦。 - boMb01.htm
[2014/10/11 00:30:10 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\16????????????,???????????????????????? - boMb01_files) -- C:\Users\SiewYun\Documents\16個實際發生在法庭上的對話,這些對話都讓法庭上的人因忍笑而經歷了不少的痛苦。 - boMb01_files
[2014/10/11 00:29:50 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\16????????????,???????????????????????? - boMb01_files) -- C:\Users\SiewYun\Documents\16個實際發生在法庭上的對話,這些對話都讓法庭上的人因忍笑而經歷了不少的痛苦。 - boMb01_files
[2014/09/21 18:11:25 | 000,173,727 | ---- | M] ()(C:\Users\SiewYun\Documents\10?????????? - ???? - ????.htm) -- C:\Users\SiewYun\Documents\10大隐藏版雪州沙登美食 - 人民邮报 - 人民邮报.htm
[2014/09/21 18:11:25 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\10?????????? - ???? - ????_files) -- C:\Users\SiewYun\Documents\10大隐藏版雪州沙登美食 - 人民邮报 - 人民邮报_files
[2014/09/21 18:11:20 | 000,173,727 | ---- | C] ()(C:\Users\SiewYun\Documents\10?????????? - ???? - ????.htm) -- C:\Users\SiewYun\Documents\10大隐藏版雪州沙登美食 - 人民邮报 - 人民邮报.htm
[2014/09/21 18:11:20 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\10?????????? - ???? - ????_files) -- C:\Users\SiewYun\Documents\10大隐藏版雪州沙登美食 - 人民邮报 - 人民邮报_files
[2014/09/12 01:01:27 | 000,048,820 | ---- | M] ()(C:\Users\SiewYun\Documents\?????:???PR?EP???????.htm) -- C:\Users\SiewYun\Documents\移民新加坡:公民、PR、EP的社会福利差异.htm
[2014/09/12 01:01:27 | 000,048,820 | ---- | C] ()(C:\Users\SiewYun\Documents\?????:???PR?EP???????.htm) -- C:\Users\SiewYun\Documents\移民新加坡:公民、PR、EP的社会福利差异.htm
[2014/09/12 01:01:27 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\?????:???PR?EP???????_files) -- C:\Users\SiewYun\Documents\移民新加坡:公民、PR、EP的社会福利差异_files
[2014/09/12 01:01:27 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\?????:???PR?EP???????_files) -- C:\Users\SiewYun\Documents\移民新加坡:公民、PR、EP的社会福利差异_files
[2014/09/06 12:50:57 | 000,070,255 | ---- | M] ()(C:\Users\SiewYun\Documents\????10???!????????????! _ Love??.htm) -- C:\Users\SiewYun\Documents\人體內有10斤宿便!清除它比任何減肥都來的快! _ Love分享.htm
[2014/09/06 12:50:57 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\????10???!????????????! _ Love??_files) -- C:\Users\SiewYun\Documents\人體內有10斤宿便!清除它比任何減肥都來的快! _ Love分享_files
[2014/09/06 12:50:56 | 000,070,255 | ---- | C] ()(C:\Users\SiewYun\Documents\????10???!????????????! _ Love??.htm) -- C:\Users\SiewYun\Documents\人體內有10斤宿便!清除它比任何減肥都來的快! _ Love分享.htm
[2014/09/06 12:50:56 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\????10???!????????????! _ Love??_files) -- C:\Users\SiewYun\Documents\人體內有10斤宿便!清除它比任何減肥都來的快! _ Love分享_files
[2014/08/31 00:04:53 | 000,152,924 | ---- | M] ()(C:\Users\SiewYun\Documents\??11?????BRUNCH - ???? - ????.htm) -- C:\Users\SiewYun\Documents\雪隆11家最好吃的BRUNCH - 人民邮报 - 人民邮报.htm
[2014/08/31 00:04:52 | 000,152,924 | ---- | C] ()(C:\Users\SiewYun\Documents\??11?????BRUNCH - ???? - ????.htm) -- C:\Users\SiewYun\Documents\雪隆11家最好吃的BRUNCH - 人民邮报 - 人民邮报.htm
[2014/08/31 00:04:52 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??11?????BRUNCH - ???? - ????_files) -- C:\Users\SiewYun\Documents\雪隆11家最好吃的BRUNCH - 人民邮报 - 人民邮报_files
[2014/08/31 00:04:52 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??11?????BRUNCH - ???? - ????_files) -- C:\Users\SiewYun\Documents\雪隆11家最好吃的BRUNCH - 人民邮报 - 人民邮报_files
[2014/08/20 13:41:52 | 000,062,937 | ---- | M] ()(C:\Users\SiewYun\Documents\KFC??????????!???????!?????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\KFC薯泥制作秘方流了出來!原來超容易做的!趕緊收藏吧! _ Giga Circle.htm
[2014/08/20 13:41:52 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\KFC??????????!???????!?????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\KFC薯泥制作秘方流了出來!原來超容易做的!趕緊收藏吧! _ Giga Circle_files
[2014/08/20 13:41:51 | 000,062,937 | ---- | C] ()(C:\Users\SiewYun\Documents\KFC??????????!???????!?????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\KFC薯泥制作秘方流了出來!原來超容易做的!趕緊收藏吧! _ Giga Circle.htm
[2014/08/20 13:41:51 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\KFC??????????!???????!?????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\KFC薯泥制作秘方流了出來!原來超容易做的!趕緊收藏吧! _ Giga Circle_files
[2014/08/11 14:44:41 | 000,067,663 | ---- | M] ()(C:\Users\SiewYun\Documents\?????????????Google!???????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\前美國中央情報局人員教你用Google!你真的會變特務! _ Giga Circle.htm
[2014/08/11 14:44:41 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\?????????????Google!???????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\前美國中央情報局人員教你用Google!你真的會變特務! _ Giga Circle_files
[2014/08/11 14:44:41 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\?????????????Google!???????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\前美國中央情報局人員教你用Google!你真的會變特務! _ Giga Circle_files
[2014/08/11 14:44:40 | 000,067,663 | ---- | C] ()(C:\Users\SiewYun\Documents\?????????????Google!???????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\前美國中央情報局人員教你用Google!你真的會變特務! _ Giga Circle.htm
[2014/08/06 17:29:33 | 000,083,372 | ---- | M] ()(C:\Users\SiewYun\Documents\?????????????! ???????????!! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\不用花錢自己在家學會洗冷氣! 鄉民教你徹底洗冷氣撇步!! _ Giga Circle.htm
[2014/08/06 17:29:32 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\?????????????! ???????????!! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\不用花錢自己在家學會洗冷氣! 鄉民教你徹底洗冷氣撇步!! _ Giga Circle_files
[2014/08/06 17:29:28 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\?????????????! ???????????!! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\不用花錢自己在家學會洗冷氣! 鄉民教你徹底洗冷氣撇步!! _ Giga Circle_files
[2014/08/06 17:29:27 | 000,083,372 | ---- | C] ()(C:\Users\SiewYun\Documents\?????????????! ???????????!! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\不用花錢自己在家學會洗冷氣! 鄉民教你徹底洗冷氣撇步!! _ Giga Circle.htm
[2014/07/12 02:11:16 | 000,071,395 | ---- | M] ()(C:\Users\SiewYun\Documents\????????????? _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\分享【各式食材中英文對照】 _ Giga Circle.htm
[2014/07/12 02:11:16 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\????????????? _ Giga Circle_files) -- C:\Users\SiewYun\Documents\分享【各式食材中英文對照】 _ Giga Circle_files
[2014/07/12 02:11:15 | 000,071,395 | ---- | C] ()(C:\Users\SiewYun\Documents\????????????? _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\分享【各式食材中英文對照】 _ Giga Circle.htm
[2014/07/12 02:11:15 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\????????????? _ Giga Circle_files) -- C:\Users\SiewYun\Documents\分享【各式食材中英文對照】 _ Giga Circle_files
[2014/07/11 00:36:39 | 000,084,317 | ---- | M] ()(C:\Users\SiewYun\Documents\??????,??????!(???) _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\爱做饭的朋友,看了不转才怪!(太全了) _ Giga Circle.htm
[2014/07/11 00:36:39 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??????,??????!(???) _ Giga Circle_files) -- C:\Users\SiewYun\Documents\爱做饭的朋友,看了不转才怪!(太全了) _ Giga Circle_files
[2014/07/11 00:36:38 | 000,084,317 | ---- | C] ()(C:\Users\SiewYun\Documents\??????,??????!(???) _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\爱做饭的朋友,看了不转才怪!(太全了) _ Giga Circle.htm
[2014/07/11 00:36:38 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??????,??????!(???) _ Giga Circle_files) -- C:\Users\SiewYun\Documents\爱做饭的朋友,看了不转才怪!(太全了) _ Giga Circle_files
[2014/06/30 22:55:06 | 000,088,100 | ---- | M] ()(C:\Users\SiewYun\Documents\?????????????? ???????????????“????” _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\【原來我們的休息方式都錯了】 科學家揭示的真正讓人恢覆精力的“休息模式” _ Giga Circle.htm
[2014/06/30 22:55:06 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\?????????????? ???????????????“????” _ Giga Circle_files) -- C:\Users\SiewYun\Documents\【原來我們的休息方式都錯了】 科學家揭示的真正讓人恢覆精力的“休息模式” _ Giga Circle_files
[2014/06/30 22:55:04 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\?????????????? ???????????????“????” _ Giga Circle_files) -- C:\Users\SiewYun\Documents\【原來我們的休息方式都錯了】 科學家揭示的真正讓人恢覆精力的“休息模式” _ Giga Circle_files
[2014/06/30 22:55:03 | 000,088,100 | ---- | C] ()(C:\Users\SiewYun\Documents\?????????????? ???????????????“????” _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\【原來我們的休息方式都錯了】 科學家揭示的真正讓人恢覆精力的“休息模式” _ Giga Circle.htm
[2014/06/26 00:07:34 | 000,072,881 | ---- | M] ()(C:\Users\SiewYun\Documents\???????????15???.htm) -- C:\Users\SiewYun\Documents\一吃就吸光你身体脂肪的15种食物.htm
[2014/06/26 00:07:34 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\???????????15???_files) -- C:\Users\SiewYun\Documents\一吃就吸光你身体脂肪的15种食物_files
[2014/06/26 00:07:33 | 000,072,881 | ---- | C] ()(C:\Users\SiewYun\Documents\???????????15???.htm) -- C:\Users\SiewYun\Documents\一吃就吸光你身体脂肪的15种食物.htm
[2014/06/26 00:07:33 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\???????????15???_files) -- C:\Users\SiewYun\Documents\一吃就吸光你身体脂肪的15种食物_files
[2014/06/24 20:57:17 | 000,165,310 | ---- | M] ()(C:\Users\SiewYun\Documents\[??] 10??????????! - ???? - ????.htm) -- C:\Users\SiewYun\Documents\[雪隆] 10家你一定要试的西餐厅! - 人民邮报 - 人民邮报.htm
[2014/06/24 20:57:17 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\[??] 10??????????! - ???? - ????_files) -- C:\Users\SiewYun\Documents\[雪隆] 10家你一定要试的西餐厅! - 人民邮报 - 人民邮报_files
[2014/06/24 20:57:16 | 000,165,310 | ---- | C] ()(C:\Users\SiewYun\Documents\[??] 10??????????! - ???? - ????.htm) -- C:\Users\SiewYun\Documents\[雪隆] 10家你一定要试的西餐厅! - 人民邮报 - 人民邮报.htm
[2014/06/24 20:57:16 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\[??] 10??????????! - ???? - ????_files) -- C:\Users\SiewYun\Documents\[雪隆] 10家你一定要试的西餐厅! - 人民邮报 - 人民邮报_files
[2014/06/24 20:51:23 | 000,081,331 | ---- | M] ()(C:\Users\SiewYun\Documents\14?????????,????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\14個簡單的肯德基方子,好吃慘了! _ Giga Circle.htm
[2014/06/24 20:51:22 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\14?????????,????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\14個簡單的肯德基方子,好吃慘了! _ Giga Circle_files
[2014/06/24 20:51:21 | 000,081,331 | ---- | C] ()(C:\Users\SiewYun\Documents\14?????????,????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\14個簡單的肯德基方子,好吃慘了! _ Giga Circle.htm
[2014/06/24 20:51:21 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\14?????????,????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\14個簡單的肯德基方子,好吃慘了! _ Giga Circle_files
[2014/06/24 02:23:48 | 000,031,304 | ---- | M] ()(C:\Users\SiewYun\Documents\??!?????,?????,???????!.htm) -- C:\Users\SiewYun\Documents\奇方!普通一道菜,清肠清宿便,五脏毒素一扫光!.htm
[2014/06/24 02:23:48 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??!?????,?????,???????!_files) -- C:\Users\SiewYun\Documents\奇方!普通一道菜,清肠清宿便,五脏毒素一扫光!_files
[2014/06/24 02:23:48 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??!?????,?????,???????!_files) -- C:\Users\SiewYun\Documents\奇方!普通一道菜,清肠清宿便,五脏毒素一扫光!_files
[2014/06/24 02:23:47 | 000,031,304 | ---- | C] ()(C:\Users\SiewYun\Documents\??!?????,?????,???????!.htm) -- C:\Users\SiewYun\Documents\奇方!普通一道菜,清肠清宿便,五脏毒素一扫光!.htm
[2014/06/22 19:27:31 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\????9?,???????!????!!   Giga Circle_files) -- C:\Users\SiewYun\Documents\教你睡前9招,醒來會排毒瘦身!太神奇了!!   Giga Circle_files
[2014/06/22 19:27:30 | 000,069,236 | ---- | M] ()(C:\Users\SiewYun\Documents\????9?,???????!????!!   Giga Circle.htm) -- C:\Users\SiewYun\Documents\教你睡前9招,醒來會排毒瘦身!太神奇了!!   Giga Circle.htm
[2014/06/22 19:27:30 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\????9?,???????!????!!   Giga Circle_files) -- C:\Users\SiewYun\Documents\教你睡前9招,醒來會排毒瘦身!太神奇了!!   Giga Circle_files
[2014/06/22 19:27:28 | 000,069,236 | ---- | C] ()(C:\Users\SiewYun\Documents\????9?,???????!????!!   Giga Circle.htm) -- C:\Users\SiewYun\Documents\教你睡前9招,醒來會排毒瘦身!太神奇了!!   Giga Circle.htm
[2014/06/20 16:12:49 | 000,105,903 | ---- | M] ()(C:\Users\SiewYun\Documents\5??????,??????????? - ???? - ????.htm) -- C:\Users\SiewYun\Documents\5家复古咖啡馆,品味咖啡香里的怀旧时光 - 人民邮报 - 人民邮报.htm
[2014/06/20 16:12:49 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\5??????,??????????? - ???? - ????_files) -- C:\Users\SiewYun\Documents\5家复古咖啡馆,品味咖啡香里的怀旧时光 - 人民邮报 - 人民邮报_files
[2014/06/20 16:12:47 | 000,105,903 | ---- | C] ()(C:\Users\SiewYun\Documents\5??????,??????????? - ???? - ????.htm) -- C:\Users\SiewYun\Documents\5家复古咖啡馆,品味咖啡香里的怀旧时光 - 人民邮报 - 人民邮报.htm
[2014/06/20 16:12:47 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\5??????,??????????? - ???? - ????_files) -- C:\Users\SiewYun\Documents\5家复古咖啡馆,品味咖啡香里的怀旧时光 - 人民邮报 - 人民邮报_files
[2014/06/03 00:51:48 | 000,307,609 | ---- | M] ()(C:\Users\SiewYun\Documents\??????? ???????????! _ People Insider.htm) -- C:\Users\SiewYun\Documents\大蒜吃了那麼久 現在才發現我們都吃錯了! _ People Insider.htm
[2014/06/03 00:51:48 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??????? ???????????! _ People Insider_files) -- C:\Users\SiewYun\Documents\大蒜吃了那麼久 現在才發現我們都吃錯了! _ People Insider_files
[2014/06/03 00:51:47 | 000,307,609 | ---- | C] ()(C:\Users\SiewYun\Documents\??????? ???????????! _ People Insider.htm) -- C:\Users\SiewYun\Documents\大蒜吃了那麼久 現在才發現我們都吃錯了! _ People Insider.htm
[2014/06/03 00:51:47 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??????? ???????????! _ People Insider_files) -- C:\Users\SiewYun\Documents\大蒜吃了那麼久 現在才發現我們都吃錯了! _ People Insider_files
[2014/05/31 15:16:08 | 000,026,942 | ---- | M] ()(C:\Users\SiewYun\Documents\????????????!!!.htm) -- C:\Users\SiewYun\Documents\电饭锅做蛋糕原来如此简单!!!.htm
[2014/05/31 15:16:08 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\????????????!!!_files) -- C:\Users\SiewYun\Documents\电饭锅做蛋糕原来如此简单!!!_files
[2014/05/31 15:16:07 | 000,026,942 | ---- | C] ()(C:\Users\SiewYun\Documents\????????????!!!.htm) -- C:\Users\SiewYun\Documents\电饭锅做蛋糕原来如此简单!!!.htm
[2014/05/31 15:16:07 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\????????????!!!_files) -- C:\Users\SiewYun\Documents\电饭锅做蛋糕原来如此简单!!!_files
[2014/05/30 15:06:26 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\?????!?????,??????,????!_files) -- C:\Users\SiewYun\Documents\别轻易吃药!哪里不舒服,就吃哪种水果,赶紧收藏!_files
[2014/05/13 00:11:52 | 000,083,152 | ---- | M] ()(C:\Users\SiewYun\Documents\8??????????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\8间大马的世外桃源住宿! _ Giga Circle.htm
[2014/05/13 00:11:52 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\8??????????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\8间大马的世外桃源住宿! _ Giga Circle_files
[2014/05/13 00:11:51 | 000,083,152 | ---- | C] ()(C:\Users\SiewYun\Documents\8??????????! _ Giga Circle.htm) -- C:\Users\SiewYun\Documents\8间大马的世外桃源住宿! _ Giga Circle.htm
[2014/05/13 00:11:51 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\8??????????! _ Giga Circle_files) -- C:\Users\SiewYun\Documents\8间大马的世外桃源住宿! _ Giga Circle_files
[2014/05/01 14:01:27 | 000,012,262 | ---- | M] ()(C:\Users\SiewYun\Documents\??????????,????```.htm) -- C:\Users\SiewYun\Documents\如果你身边有人胃不好,保存起来```.htm
[2014/05/01 14:01:27 | 000,012,262 | ---- | C] ()(C:\Users\SiewYun\Documents\??????????,????```.htm) -- C:\Users\SiewYun\Documents\如果你身边有人胃不好,保存起来```.htm
[2014/05/01 14:01:27 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??????????,????```_files) -- C:\Users\SiewYun\Documents\如果你身边有人胃不好,保存起来```_files
[2014/05/01 14:01:27 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??????????,????```_files) -- C:\Users\SiewYun\Documents\如果你身边有人胃不好,保存起来```_files
[2014/03/18 13:59:58 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\??) -- C:\Users\SiewYun\Documents\人体
[2014/03/18 13:53:06 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\??) -- C:\Users\SiewYun\Documents\人体
[2014/03/18 01:55:25 | 000,053,306 | ---- | M] ()(C:\Users\SiewYun\Documents\???????????????,??????????!.htm) -- C:\Users\SiewYun\Documents\睡觉诀窍教你睡五分钟等于六钟头,值得收藏一辈子的秘密!.htm
[2014/03/18 01:55:25 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\???????????????,??????????!_files) -- C:\Users\SiewYun\Documents\睡觉诀窍教你睡五分钟等于六钟头,值得收藏一辈子的秘密!_files
[2014/03/18 01:55:25 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\???????????????,??????????!_files) -- C:\Users\SiewYun\Documents\睡觉诀窍教你睡五分钟等于六钟头,值得收藏一辈子的秘密!_files
[2014/03/18 01:55:24 | 000,053,306 | ---- | C] ()(C:\Users\SiewYun\Documents\???????????????,??????????!.htm) -- C:\Users\SiewYun\Documents\睡觉诀窍教你睡五分钟等于六钟头,值得收藏一辈子的秘密!.htm
[2014/03/16 13:09:11 | 000,054,626 | ---- | M] ()(C:\Users\SiewYun\Documents\?????!?????,??????,????!.htm) -- C:\Users\SiewYun\Documents\别轻易吃药!哪里不舒服,就吃哪种水果,赶紧收藏!.htm
[2014/03/16 13:09:11 | 000,054,626 | ---- | C] ()(C:\Users\SiewYun\Documents\?????!?????,??????,????!.htm) -- C:\Users\SiewYun\Documents\别轻易吃药!哪里不舒服,就吃哪种水果,赶紧收藏!.htm
[2014/03/16 13:09:11 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\?????!?????,??????,????!_files) -- C:\Users\SiewYun\Documents\别轻易吃药!哪里不舒服,就吃哪种水果,赶紧收藏!_files
[2014/03/07 15:10:36 | 000,602,880 | ---- | M] ()(C:\Users\SiewYun\Documents\???????!? ?????????????!????????!... - F a c e b o o k News ?????.htm) -- C:\Users\SiewYun\Documents\【健康咨询分享!】 看了知道如何保健自己的身体!希望大家帮忙广传!... - F a c e b o o k News 新闻最前线.htm
[2014/03/07 15:10:36 | 000,000,000 | ---D | M](C:\Users\SiewYun\Documents\???????!? ?????????????!????????!... - F a c e b o o k News ?????_files) -- C:\Users\SiewYun\Documents\【健康咨询分享!】 看了知道如何保健自己的身体!希望大家帮忙广传!... - F a c e b o o k News 新闻最前线_files
[2014/03/07 15:10:35 | 000,000,000 | ---D | C](C:\Users\SiewYun\Documents\???????!? ?????????????!????????!... - F a c e b o o k News ?????_files) -- C:\Users\SiewYun\Documents\【健康咨询分享!】 看了知道如何保健自己的身体!希望大家帮忙广传!... - F a c e b o o k News 新闻最前线_files
[2014/03/07 15:10:34 | 000,602,880 | ---- | C] ()(C:\Users\SiewYun\Documents\???????!? ?????????????!????????!... - F a c e b o o k News ?????.htm) -- C:\Users\SiewYun\Documents\【健康咨询分享!】 看了知道如何保健自己的身体!希望大家帮忙广传!... - F a c e b o o k News 新闻最前线.htm
[2013/11/30 09:56:04 | 000,286,790 | ---- | M] ()(C:\Users\SiewYun\Documents\???????.docx) -- C:\Users\SiewYun\Documents\最强的排毒食物.docx
[2013/11/30 09:56:03 | 000,286,790 | ---- | C] ()(C:\Users\SiewYun\Documents\???????.docx) -- C:\Users\SiewYun\Documents\最强的排毒食物.docx
[2013/11/29 21:46:22 | 000,217,241 | ---- | M] ()(C:\Users\SiewYun\Documents\??????.docx) -- C:\Users\SiewYun\Documents\治近视的秘方.docx
[2013/11/29 21:46:22 | 000,217,241 | ---- | C] ()(C:\Users\SiewYun\Documents\??????.docx) -- C:\Users\SiewYun\Documents\治近视的秘方.docx
[2013/11/28 09:48:03 | 000,312,831 | ---- | M] ()(C:\Users\SiewYun\Documents\????.docx) -- C:\Users\SiewYun\Documents\关于大蒜.docx
[2013/11/28 09:48:02 | 000,312,831 | ---- | C] ()(C:\Users\SiewYun\Documents\????.docx) -- C:\Users\SiewYun\Documents\关于大蒜.docx
[2013/11/28 09:43:41 | 000,015,804 | ---- | M] ()(C:\Users\SiewYun\Documents\??????????.docx) -- C:\Users\SiewYun\Documents\七种公司永远无法做大.docx
[2013/11/28 09:43:40 | 000,015,804 | ---- | C] ()(C:\Users\SiewYun\Documents\??????????.docx) -- C:\Users\SiewYun\Documents\七种公司永远无法做大.docx
[2013/11/25 22:56:27 | 000,220,067 | ---- | M] ()(C:\Users\SiewYun\Documents\????.docx) -- C:\Users\SiewYun\Documents\中华论坛.docx
[2013/11/25 22:56:26 | 000,220,067 | ---- | C] ()(C:\Users\SiewYun\Documents\????.docx) -- C:\Users\SiewYun\Documents\中华论坛.docx
[2013/11/24 14:10:52 | 001,068,973 | ---- | M] ()(C:\Users\SiewYun\Documents\???????-roti canai.docx) -- C:\Users\SiewYun\Documents\家裡沒有食材時-roti canai.docx
[2013/11/24 14:10:51 | 001,068,973 | ---- | C] ()(C:\Users\SiewYun\Documents\???????-roti canai.docx) -- C:\Users\SiewYun\Documents\家裡沒有食材時-roti canai.docx
[2013/11/21 23:35:16 | 000,013,534 | ---- | M] ()(C:\Users\SiewYun\Documents\??????????????.docx) -- C:\Users\SiewYun\Documents\散户记住这十句话一定会挣大钱.docx
[2013/11/21 23:35:15 | 000,013,534 | ---- | C] ()(C:\Users\SiewYun\Documents\??????????????.docx) -- C:\Users\SiewYun\Documents\散户记住这十句话一定会挣大钱.docx
[2013/08/15 11:22:46 | 000,018,563 | ---- | M] ()(C:\Users\SiewYun\Documents\????90?.docx) -- C:\Users\SiewYun\Documents\家事妙法90招.docx
[2013/08/15 11:22:46 | 000,018,563 | ---- | C] ()(C:\Users\SiewYun\Documents\????90?.docx) -- C:\Users\SiewYun\Documents\家事妙法90招.docx
[2013/05/13 21:54:11 | 000,017,458 | ---- | M] ()(C:\Users\SiewYun\Documents\?????????????????.docx) -- C:\Users\SiewYun\Documents\医院医生和护士都不愿说的医学小常识.docx
[2013/05/13 21:54:10 | 000,017,458 | ---- | C] ()(C:\Users\SiewYun\Documents\?????????????????.docx) -- C:\Users\SiewYun\Documents\医院医生和护士都不愿说的医学小常识.docx
(C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\西瓜影音
(C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\西瓜
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\SiewYun\SkyDrive:ms-properties

< End of report >
 




#2
eys12345

  • Member
  • Topic Starter
  • 14 posts

OTL Extras logfile created on: 12/4/2014 1:55:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SiewYun\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.59% Memory free
6.00 Gb Paging File | 3.64 Gb Available in Paging File | 60.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.61 Gb Total Space | 715.33 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
Drive F: | 496.00 Mb Total Space | 446.02 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive X: | 350.00 Mb Total Space | 49.91 Mb Free Space | 14.26% Space Free | Partition Type: NTFS
Drive Y: | 8.43 Gb Total Space | 0.23 Gb Free Space | 2.75% Space Free | Partition Type: NTFS
 
Computer Name: DAVID_LING | User Name: SiewYun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7487D71D-938C-419D-9DCC-DA9BA0DE00F3}" = lport=5556 | protocol=6 | dir=in | name=videostream |
"{768194DD-A218-4A6F-84E3-DC584575FFE6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95107434-368F-411B-AD8E-30DBFB92665A}" = lport=5558 | protocol=6 | dir=in | name=videostream mobile |
"{A19409CE-B4EA-4E68-AC40-18957EBA04A2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E5A374D1-EB97-4F88-9E00-FB900A6694BE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B277E-BF88-4C02-98A7-8296CB5C5856}" = dir=out | name=@{microsoft.zunevideo_2.6.408.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{01E02BEB-E9D8-4BD8-84F2-F91EA90FEF63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{06881164-E230-4447-B6DD-9861E2EBCAB8}" = dir=out | name=ebay |
"{085FD87E-B281-484C-8DE3-151A1A8BCF61}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgmedalloader.exe |
"{0FAD9EFD-D9D4-4D58-9716-9C2939245DA4}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\statreport.exe |
"{0FD700FF-F193-49E4-8775-23C43037FD87}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe |
"{15018CB4-3555-49C9-AA68-41F7A7AC43C5}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |
"{150B5222-011B-4A97-BE13-8258E4296E85}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1783ADEE-3346-48E5-B0E4-532AD7944BA9}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\pinyinup.exe |
"{18ACB788-4F11-46BF-888F-951E78FDD208}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18F07821-B148-4635-99D5-A37CC9552260}" = dir=out | name=sonicwall mobile connect |
"{19194269-1793-497D-A8F5-D2E71B722514}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{19BD7E5B-512B-411B-B7B2-CBEDA67A5DB4}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\pinyinup.exe |
"{1A6FFDBA-E63B-4BD7-8E8F-AF1C3DE21D53}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\baidumediaservice.exe |
"{1B41BE25-4FB2-400E-B258-05CBE2C3A374}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{254CEE6B-9F5E-4E1D-950C-C6515C512B5A}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sogoucloud.exe |
"{26F3FAA7-5B31-4CC8-A769-DB04E2BFA389}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\baidusetupax_0.exe |
"{3271E6A4-AA82-4EC7-9CC5-225F5BA6AA6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{378001B6-2EDA-43FC-806B-144859A7DFBE}" = dir=in | name=skype |
"{38A46BC3-101E-4388-8AF0-A1A1F42633DB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{39E7D109-2727-4094-9FFF-F2A814CC035F}" = dir=in | app=c:\users\siewyun\appdata\local\temp\nso2b0.tmp\cnetinstaller-10389042.exe |
"{3AFF3B4E-ABBD-4FE9-AF55-C8FC3C7CD2D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3E183948-0D7E-4338-B1DA-325B12DCF34E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3E6FA123-3D78-4292-BACC-A99B23C3F284}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\usernetschedule.exe |
"{3F973CAE-E2E6-4593-A100-959C959A0947}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgdownload.exe |
"{3F9A345E-A824-428C-A29C-1495B4F13C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3F9B52F7-198B-4A53-BFCE-B3F85983DA13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{40F0A850-DBCE-4969-B45F-F63B10CC8334}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\pinyinup.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{42BFE885-8021-4B45-BC73-1675F5BCE073}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sogoucloud.exe |
"{436997C4-863F-4CA8-9E22-9D902BC01B17}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{468BE417-F150-43F8-BF6E-6EA485AA2F70}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgtool.exe |
"{4C985FAB-3860-467B-A673-5A91C040C3BA}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sogoucloud.exe |
"{4F4FF3E0-D61A-4130-8DA8-7591D3AE688C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{54788570-A899-42CB-B9B0-AE7C9ABAD42D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{552B057A-6347-43E7-B11D-17A6316E9D45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5665BFE2-2C35-46CB-9FA6-18A1394CA4CC}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgtool.exe |
"{56AA9819-A0C3-4CBF-99A4-F6868E6021C6}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |
"{57F9D539-0EE4-4972-817C-DD5F13BC60FB}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{59953680-A255-42F2-9AF2-9AB2A1A8E264}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\pinyinup.exe |
"{59E35B2C-A735-450E-8D39-69B79A32E728}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5B636416-143F-454A-9B93-FB35978E93D6}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgmedalloader.exe |
"{5DF9B58F-C445-40C9-A4D7-6F9E89757F65}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\pinyinup.exe |
"{5EFD67CD-C9B8-4323-B9A1-38B03BA7DF54}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\usernetschedule.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{60FB7EAB-1716-436B-8189-C3FE933ACA25}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sogoucloud.exe |
"{63C582A4-C875-4BE5-A80A-DDCBB6E64CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{64F712CD-5E8B-47EB-86E3-FFBF31D4B6E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{653E65AB-9964-4FA8-9B02-FD6528CC1AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgtool.exe |
"{66D78FE0-AD0A-497D-BFD7-882961CF096B}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sogoucloud.exe |
"{68B47DA1-380F-44FB-92DE-7B47F27D19D5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{69199F42-A694-4079-B28D-DA1355566E39}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\imeutil.exe |
"{6C36E112-91D0-40D9-9864-E58AD51651A8}" = dir=in | name=hp all-in-one printer remote |
"{6D44339E-E7F1-4A99-83B5-6DF9E22CFB31}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{6DC3547C-5265-410D-AD45-F319F4A3877A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6DE35EE6-0016-4BD6-95B9-E45BDEAFBDC3}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgdownload.exe |
"{70CE7B81-167E-4144-96B1-D44ED5A1188A}" = dir=out | app=c:\users\siewyun\appdata\local\temp\nso2b0.tmp\cnetinstaller-10389042.exe |
"{70E19F14-FCB7-410A-9485-11B965E22253}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgmedalloader.exe |
"{71A1BC07-7AF0-4FBD-A605-C586313C29CA}" = protocol=17 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |
"{726DD6A0-4A1B-4407-9E5F-A7B95D4D0541}" = dir=in | name=juniper networks junos pulse |
"{72B664F5-9C59-49C4-8619-A107F2EA2FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgdownload.exe |
"{7358D8A9-6F01-4407-9B41-F54191EC79C0}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgdownload.exe |
"{74F866F0-15D0-4FDC-B102-849CE1399D95}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgmedalloader.exe |
"{75098B46-A211-4B88-BED0-027CF630DE06}" = dir=out | name=@{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{76711EF4-28E6-4B01-8D21-7379C02AB80A}" = dir=out | name=windows_ie_ac_001 |
"{7FE7D03B-61A2-4017-A86A-66FA1A1C7107}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\pinyinup.exe |
"{806CA417-390B-47A9-AA46-D2CD44D8542E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{826B3027-2D20-4093-AF11-4F82E585057E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{834D4510-318F-4792-8F27-4B4A2DBD3BD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{83F1C6C0-ADDB-4322-A5C5-C87E2C88BB99}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sogoucloud.exe |
"{857B2E4E-BBC8-4375-8E26-5A007DCE339E}" = protocol=17 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |
"{863DA784-624D-4824-B999-A4667902DE08}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{87A043CD-0F9B-4E0A-B732-FE4705963E36}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\xlrcsreport.exe |
"{87E3E3A2-A132-4DC5-9581-F30FF334B61E}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8923DB23-56FE-4CC9-A8FD-EC47B1D66391}" = protocol=17 | dir=in | app=c:\users\siewyun\downloads\baiduplayernetsetup_120660782.exe |
"{8B3D26AA-CC2A-4378-B270-34F3CDC3C512}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{8BCD0D70-35DE-443B-9374-7BD1C4754C70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{8D8D8679-540E-4110-9CC9-2B79C6F23CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\imeutil.exe |
"{8DE443FC-905D-48A4-B18C-77D07D5DB324}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8E236E2B-CA49-4244-AC8F-3002F67F137D}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\statreport.exe |
"{8F3FF97C-8FF1-4C3F-B31A-8789DFA50DAB}" = protocol=17 | dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate3.9.3.12.exe |
"{90C313EC-D211-4C64-BF33-6815F586678E}" = dir=in | name=f5 vpn |
"{92EA8B15-3A29-4D6A-9285-9CE7A4CC40F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{937BA8FC-C8AC-4FE5-98C1-F7961DD59C3E}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{93E2AA61-6E57-4943-A171-77B9015C5FA9}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgtool.exe |
"{953BB636-9BCB-4A25-9874-E734F311F773}" = dir=in | name=sonicwall mobile connect |
"{95E9D84D-FB53-4EFC-BA5F-7ACEFA62A896}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgdownload.exe |
"{960B94C5-1BE9-4AC4-A784-3AC7D31BD82F}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\pinyinup.exe |
"{96269AF3-1BA6-4347-8F7F-FAD4E80DF954}" = dir=in | name=check point vpn |
"{96991266-D2C3-4602-AF47-04C353B882B9}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sogoucloud.exe |
"{975FA970-1D55-40CE-84C2-61330382FA02}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{98A4CEE0-27B8-4A8F-A981-36EED4AE8CCE}" = dir=in | app=c:\users\siewyun\appdata\local\microsoft\skydrive\skydrive.exe |
"{9925B0D6-FC5C-4972-8691-3FFF8B2728D3}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9AEB797F-8057-4F01-99E8-FA9D581A5266}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |
"{9C2884DC-00C4-4D3D-A84A-449401C32468}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CD174B3-A754-4A79-B2E2-BB7F52D03877}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |
"{9E02F101-C4E8-43CB-A219-07C6173A670D}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\imeutil.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A0749BB7-91D3-44DF-B91F-C66EBDCE0C2F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A5154904-D830-4462-8A87-6168E346FD34}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\xlrcsreport.exe |
"{A57A1BCD-6BBB-4B1A-ABAF-FE7D09194A10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A7257EFC-AF5E-4D92-811B-DD9D587CF0DE}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\baidumediaservice.exe |
"{A7E15E15-8FA4-4E24-BE2E-6AC2DB5E7116}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A9C58407-F6C2-47F7-91D6-3765E425386F}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sogoucloud.exe |
"{AC0F9EB5-847C-416F-A1EF-712BF94741B1}" = dir=out | name=check point vpn |
"{AEBBD849-AB61-4298-80E9-CE58205C1069}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B1403C29-B8A5-442E-94BA-ED3E99135AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgtool.exe |
"{B434F134-1746-4AEC-955F-B329D2159106}" = dir=out | name=windows_ie_ac_001 |
"{B4416750-9F34-4D6E-9115-82B5836D39E4}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B8AE74DB-2503-49ED-ADEF-60EE80B36258}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\usernetschedule.exe |
"{BFCD95F7-0FFF-46F9-8F44-B91D94D75F91}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C0CBBCF8-DF11-4ADC-87A1-9E7D169FEBC4}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\baiduplayer.exe |
"{C288D7AD-B091-4CB9-BF2F-C789F14C7981}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C30EDEB7-4247-45A1-8AF2-62967EA3FC6C}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\baiduplayer.exe |
"{C35454A2-C1AD-428A-9F45-7B70ADC7EDDC}" = protocol=6 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |
"{C3B86E7E-35FD-4B3B-A2A3-3B3716CE7D18}" = dir=out | name=f5 vpn |
"{CE874887-7E7A-4924-9253-EAE6599342BB}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.9.3.12\baidusetupax_0.exe |
"{CF7FE410-FE89-4E24-A42A-E483443FB6F6}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgtool.exe |
"{D15C493B-2193-4410-9653-92033586A933}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\usernetschedule.exe |
"{D1C59835-6AEF-4F99-9DBA-C1A9028168DE}" = dir=out | name=mcafee® central for dell |
"{D2DCC03F-FED5-4927-8910-F88F9B2EB8C5}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgtool.exe |
"{D550AC91-803E-4886-B1EF-B8F64A23195A}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{D559AFDF-D7FA-4B43-A3CE-501F882FC893}" = protocol=6 | dir=in | app=c:\users\siewyun\downloads\baiduplayernetsetup_120660782.exe |
"{D5929928-9B2A-4A73-B2D4-1CAFF29AD975}" = dir=out | name=hp all-in-one printer remote |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D6B1D3B1-BD80-4945-9DCE-CC14817E62CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{DA0C74C0-0C9F-42A1-9424-386354F475BE}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DC5AF764-4B9F-40EB-99CA-62F5ECE2CA46}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{DCBA72BA-BBD7-41BF-BF44-D63F0B061CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\imeutil.exe |
"{DD88E0B4-3B7F-4F92-A13B-C9F097A6AD3E}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{DEE6532B-A43E-4D3B-BA25-FB37F7049B87}" = dir=out | name=juniper networks junos pulse |
"{E1D21C1A-089B-4E2D-AA84-9174E5CB9E87}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E27187FC-6AAA-415D-864F-D1E5303A1FD8}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E435F6D4-34D7-4297-AA93-6BD12038D8A4}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB789AFE-21BF-480A-AA81-1EE012E9D267}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ECE885F8-7351-4D5F-A0FE-A6AE6648331E}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgdownload.exe |
"{ED9CFADD-8BAE-4420-BB3A-9BBBB49B6CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\sgtool.exe |
"{EEBF2CA6-8E73-4F65-8B72-B4258003529A}" = dir=out | name=skype |
"{EF63E72E-87FB-4356-B371-C4986256BBD3}" = protocol=6 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |
"{F2AF7D24-9336-48BC-99B1-B04AF4CF9B72}" = dir=out | name=@{microsoft.zunemusic_2.6.476.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F2F395F8-1496-4E21-B750-D9AD2EF67E42}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{F43409AC-EFE6-4A43-9FAA-1BD0CCEBCB11}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{F5B09099-E387-44FE-B404-2BC85DE7922E}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgdownload.exe |
"{F5C8E6D2-0D0F-4BD7-84E1-F6420B01BDDD}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.4.0.3734\sgdownload.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F83670BB-13F6-4BF7-B673-2749E72E2CDE}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.1.0.2057\pinyinup.exe |
"{FAFAC5AC-CAC1-4CFF-8489-06C8ABA7F4FF}" = dir=in | name=mcafee® central for dell |
"{FC99F4BE-C57B-4986-BA05-1788652541E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FECF7C63-798C-480D-9849-D2E02D63A0F6}" = protocol=6 | dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate3.9.3.12.exe |
"TCP Query User{1EA7E5A4-B855-4644-B324-4410C74873C9}C:\program files (x86)\qvodplayer\qvodiosdown.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodiosdown.exe |
"TCP Query User{4A7C3023-2B73-4F34-9EDF-F3FCBE161FED}C:\users\siewyun\desktop\david\sme\warcraft\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\siewyun\desktop\david\sme\warcraft\warcraft iii\war3.exe |
"TCP Query User{4A8A744B-411B-401C-A352-44322C2FBAED}C:\users\siewyun\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\siewyun\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{4BC2E381-D900-491A-ACD5-FD146BAC2EBF}C:\program files (x86)\xigua\2.7.0.32\xgtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xigua\2.7.0.32\xgtray.exe |
"TCP Query User{4DEE936F-DB91-4D6E-8613-FD7E8C86B89E}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe |
"TCP Query User{587814D2-382F-4A42-885A-A875F677D9F2}C:\program files (x86)\xigua\2.2.0.26\xgengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xigua\2.2.0.26\xgengine.exe |
"TCP Query User{5A4A0A32-35AB-43BE-82A4-6636FA4FC1D2}C:\program files (x86)\xigua\2.2.0.26\xgtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xigua\2.2.0.26\xgtray.exe |
"TCP Query User{69515F97-A713-4AC9-BC68-831826D56588}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |
"TCP Query User{7794D250-BCD7-4824-ABB8-B74BF94B122A}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"TCP Query User{9C322C24-7246-4E3D-901F-76CAEB5758D9}C:\program files (x86)\qvodplayer\qvodiosdown.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodiosdown.exe |
"TCP Query User{D7496A6C-7268-4A73-8908-29DC8229AB57}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{E4FEEF37-D4F9-4871-B61A-D9A32923FAF6}C:\program files (x86)\xigua\2.7.0.32\xgengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xigua\2.7.0.32\xgengine.exe |
"TCP Query User{EC534D11-A304-4878-87B1-F1A145E5DA53}C:\program files (x86)\xigua\xgengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xigua\xgengine.exe |
"TCP Query User{FC2485FF-E48A-491F-AF22-4D38ACC073F0}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe |
"UDP Query User{0962BD20-1D03-4650-AE88-CE572545469B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{0F7C699B-79BC-47EE-B0AE-726B830F1C88}C:\users\siewyun\desktop\david\sme\warcraft\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\siewyun\desktop\david\sme\warcraft\warcraft iii\war3.exe |
"UDP Query User{31EA7F6D-C965-4A4C-BC33-400FA46D36F1}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"UDP Query User{456815E2-F0DC-4E17-997E-38EB5062C52F}C:\users\siewyun\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\siewyun\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{56920688-5201-4728-8750-F44EE3ECB343}C:\program files (x86)\xigua\2.2.0.26\xgengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xigua\2.2.0.26\xgengine.exe |
"UDP Query User{5D1129CC-CF33-4DB9-8B70-B9B858852095}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |
"UDP Query User{6061F0BA-0777-48C5-82FB-2EF93255A0AF}C:\program files (x86)\qvodplayer\qvodiosdown.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodiosdown.exe |
"UDP Query User{ABB9BA88-DF5A-4DFB-98D3-B182F2838CB1}C:\program files (x86)\xigua\2.7.0.32\xgtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xigua\2.7.0.32\xgtray.exe |
"UDP Query User{B13B2A8C-34FE-41FB-BBF1-AC1A6DB5025D}C:\program files (x86)\xigua\2.2.0.26\xgtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xigua\2.2.0.26\xgtray.exe |
"UDP Query User{B1F66A92-0534-4FCE-AF06-736A9E447616}C:\program files (x86)\xigua\xgengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xigua\xgengine.exe |
"UDP Query User{C7494FF1-74B1-4F04-B69A-CDFDBA82165D}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe |
"UDP Query User{D238D726-2826-43DC-8352-CE966E1DCB18}C:\program files (x86)\qvodplayer\qvodiosdown.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodiosdown.exe |
"UDP Query User{E9C08FA7-22C8-4951-8608-EC486AFE6BC2}C:\program files (x86)\xigua\2.7.0.32\xgengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xigua\2.7.0.32\xgengine.exe |
"UDP Query User{FCAC6104-4C2A-4E67-A51F-377FDB621021}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{235E711E-20A7-4BF4-8913-B295343A4996}" = AvcEngine
"{293CC68A-32BA-4BA4-84BD-0DCF6583566F}" = HP Deskjet 2510 series Basic Device Software
"{4AB460FF-4DB2-482B-AEF5-AFD516373BDC}" = Update for CHS Microsoft IME HAP Dictionary
"{4B3264AA-951A-4A6B-B837-125224261F12}" = HP Deskjet 2510 series Product Improvement Study
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}" = AdAwareUpdater
"{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater" = Ad-Aware Antivirus
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{721A858C-9C26-4832-8958-CDAFFC596E3D}" = AntispamEngine
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877C7A27-7529-4B0C-BA7B-4D697E90DDC1}" = FirewallEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A8F67345-FA75-4E99-AEBA-DE9BFE708A49}" = OnlineThreatsEngine
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine
"{E56846B3-745F-443C-9C17-BC371A0902E0}" = AdAwareInstaller
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{10640F6D-6AB0-401E-9FC6-A94D19C580BC}" = Windows Live UX Platform Language Pack
"{147FBA18-A6BB-4AD5-8F0A-37380AAABD76}" = Photo Common
"{2020C08E-74F5-4E9F-BD2A-41F8CB6EBA10}" = Photo Gallery
"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide
"{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}" = HP Deskjet 2510 series Help
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3BD8FD6A-D36D-45D9-BB5C-CD39404C222F}" = Windows Live Writer Resources
"{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}" = Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4AB9FFAB-FFA5-49AF-9712-68B7B859B1F3}" = Windows Live Writer
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8BC85D25-AF2D-40DA-BD04-016B64D384BF}" = Windows Live Mail
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{91D59688-8209-4569-B581-B870BDC74EAB}" = Windows Live Messenger
"{936D4074-6A57-45ED-AF5A-F7CF5A56DE6F}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}" = Videostream Port Fix
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E9C450A0-4606-11E0-9207-0800200C9A66}" = HP Virtual Room Client Launcher Plugin
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8.5
"deskPDF Studio_is1" = deskPDF Studio X
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrivDog" = PrivDog
"QPostPro" = QPostPro 2.5.4.49
"RealPlayer 16.0" = RealPlayer
"Sogou Input" = 搜狗拼音输入法 7.4正式版
"Steam" = Steam
"Steam App 570" = Dota 2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"西瓜" = 西瓜
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp
"OneDriveSetup.exe" = Microsoft OneDrive
"Search Protection" = Search Protection
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/26/2014 8:54:08 AM | Computer Name = David_Ling | Source = MsiInstaller | ID = 11905
Description =
 
Error - 11/26/2014 8:54:09 AM | Computer Name = David_Ling | Source = MsiInstaller | ID = 11905
Description =
 
Error - 11/26/2014 8:54:10 AM | Computer Name = David_Ling | Source = MsiInstaller | ID = 11905
Description =
 
Error - 11/26/2014 8:54:10 AM | Computer Name = David_Ling | Source = MsiInstaller | ID = 11905
Description =
 
Error - 11/26/2014 8:54:11 AM | Computer Name = David_Ling | Source = MsiInstaller | ID = 11905
Description =
 
Error - 12/2/2014 8:46:47 PM | Computer Name = David_Ling | Source = Application Error | ID = 1000
Description = Faulting application name: delegate_execute.exe, version: 39.0.2171.71,
 time stamp: 0x54740307  Faulting module name: delegate_execute.exe, version: 39.0.2171.71,
 time stamp: 0x54740307  Exception code: 0xc0000005  Fault offset: 0x00038478  Faulting
 process id: 0x2dc  Faulting application start time: 0x01d00e929c9dda1c  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe
Faulting
 module path: C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe
Report
 Id: dbc58492-7a85-11e4-bfb1-a41f72692a0f  Faulting package full name:   Faulting package-relative
 application ID:
 
Error - 12/3/2014 11:39:43 AM | Computer Name = David_Ling | Source = Application Error | ID = 1000
Description = Faulting application name: delegate_execute.exe, version: 39.0.2171.71,
 time stamp: 0x54740307  Faulting module name: delegate_execute.exe, version: 39.0.2171.71,
 time stamp: 0x54740307  Exception code: 0xc0000005  Fault offset: 0x00037dd3  Faulting
 process id: 0x1454  Faulting application start time: 0x01d00f0f479ade13  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe
Faulting
 module path: C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe
Report
 Id: 996502f1-7b02-11e4-bfb4-a41f72692a0f  Faulting package full name:   Faulting package-relative
 application ID:
 
Error - 12/3/2014 11:52:51 AM | Computer Name = David_Ling | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1784    Start
 Time: 01d00f10757094ab    Termination Time: 4294967295    Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report
 Id: 69d158df-7b04-11e4-bfb4-a41f72692a0f    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting
 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  
 
Error - 12/3/2014 12:22:42 PM | Computer Name = David_Ling | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1b88    Start
 Time: 01d00f14a6aadc49    Termination Time: 4294967295    Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report
 Id: 99f2c6f6-7b08-11e4-bfb4-a41f72692a0f    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting
 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  
 
Error - 12/3/2014 12:30:11 PM | Computer Name = David_Ling | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 33.1.0.5423,
 time stamp: 0x545c0a59  Faulting module name: mozalloc.dll, version: 33.1.0.5423,
 time stamp: 0x545be5ee  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting
 process id: 0x1468  Faulting application start time: 0x01d00f048c5acec7  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: a63d9f53-7b09-11e4-bfb4-a41f72692a0f
Faulting
 package full name:   Faulting package-relative application ID:
 
[ System Events ]
Error - 11/30/2014 1:46:49 PM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the LavasoftAdAwareService11 service.
 
Error - 11/30/2014 1:47:29 PM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
Error - 11/30/2014 10:30:34 PM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
Error - 12/2/2014 9:09:40 AM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
Error - 12/2/2014 8:44:37 PM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
Error - 12/2/2014 9:07:33 PM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
Error - 12/3/2014 7:19:16 AM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
Error - 12/3/2014 9:02:14 AM | Computer Name = David_Ling | Source = NetBT | ID = 4300
Description = The driver could not be created.
 
Error - 12/3/2014 9:02:14 AM | Computer Name = David_Ling | Source = NetBT | ID = 4300
Description = The driver could not be created.
 
Error - 12/3/2014 9:02:35 AM | Computer Name = David_Ling | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
 
 
< End of report >
 



#3
RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP

It looks like Baidu. I think AdwCleaner will remove it. See if any of these will run on a Win 8:

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #4
    eys12345

      Member

    • Topic Starter
    • 14 posts

    Hi Expert

     

    This is the Adw report generated before your reply:

     

    # AdwCleaner v4.103 - Report created 04/12/2014 at 10:17:37
    # Updated 01/12/2014 by Xplode
    # Database : 2014-12-03.1 [Live]
    # Operating System : Windows 8.1 Single Language  (64 bits)
    # Username : SiewYun - DAVID_LING
    # Running from : C:\Users\SiewYun\Downloads\adwcleaner_4.103.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : iSafeKrnlBoot

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\SecTaskMan
    Folder Deleted : C:\ProgramData\pcdr
    Folder Deleted : C:\Users\Public\Device
    Folder Deleted : C:\Users\SiewYun\AppData\Local\Temp\iSafeRightKeyScan
    Folder Deleted : C:\Users\SiewYun\AppData\Roaming\pcdr
    Folder Deleted : C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
    File Deleted : C:\WINDOWS\System32\drivers\iSafeKrnlBoot.sys
    File Deleted : C:\WINDOWS\System32\log\iSafeKrnlCall.log

    ***** [ Scheduled Tasks ] *****

    Task Deleted : LaunchApp

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\SiewYun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox.exe - Shortcut.lnk
    Shortcut Disinfected : C:\Users\SiewYun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\SiewYun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.hao123.com

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v39.0.2171.71


    *************************

    AdwCleaner[R2].txt - [1785 octets] - [28/07/2014 11:37:59]
    AdwCleaner[R3].txt - [1229 octets] - [28/07/2014 20:17:20]
    AdwCleaner[R4].txt - [1204 octets] - [28/07/2014 20:52:40]
    AdwCleaner[R5].txt - [4320 octets] - [04/12/2014 10:15:58]
    AdwCleaner[S2].txt - [1757 octets] - [28/07/2014 11:39:31]
    AdwCleaner[S3].txt - [1298 octets] - [28/07/2014 20:19:33]
    AdwCleaner[S4].txt - [1268 octets] - [28/07/2014 20:56:20]
    AdwCleaner[S5].txt - [4696 octets] - [04/12/2014 10:17:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4756 octets] ##########
     



    #5
    eys12345

      Member

    • Topic Starter
    • 14 posts

    it worked!

     

    I attach the rest of the other scan reports as suggested, just wanna make sure they're really gone.

     

    FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
    Ran by SiewYun (administrator) on DAVID_LING on 05-12-2014 13:27:31
    Running from C:\Users\SiewYun\Desktop
    Loaded Profile: SiewYun (Available profiles: SiewYun)
    Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
    () C:\Program Files (x86)\xigua\2.7.0.32\xgengine.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [SkyDrive] => C:\Users\SiewYun\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [ImeGuardCom] => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.26\SGImeGuard.exe [368760 2014-06-19] (Sogou.com Inc.)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [Google Update] => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-31] (Google Inc.)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\MountPoints2: {700cf3ce-bca8-11e2-be6f-a41f72692a0f} - "F:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} =>  No File
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3391250251-679178658-363545533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> DefaultScope {7F84046E-812F-48EE-92B4-D8E52B87043C} URL =
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {FBDA77BE-6BBE-4B77-84E8-9DFDDDDBC313} URL =
    BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    DPF: HKLM-x32 {1FAF427B-1EE5-43D3-A023-3009142AFCE1} https://www2.pbebank...l/csoex_pbb.cab
    DPF: HKLM-x32 {B9B2EE1A-E314-4338-A305-BE845EACB113} https://www2.pbebank...ntrol/csw25.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467
    FF Homepage: https://www.facebook.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\3.9.3.12\npbdyy.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.7.0.32\npxgax.dll ()
    FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-24]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\y57zhh5c.default-1406574551022\extensions
    FF Extension: No Name - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> about:blank
    CHR StartupUrls: Default -> "https://www.facebook.com/", "https://apps.facebook.com/candycrush/?fb_source=bookmark&ref=bookmarks&count=0&fb_bmpos=_0", "https://apps.facebook.com/farmheroes/?type=partner&st1=kinghubs&st2=candycrush&st3=topbanner", "chrome://newtab/", "hxxp://www.hotmail.com/"
    CHR DefaultSearchKeyword: Default -> baidu.com
    CHR DefaultSearchURL: Default -> http://www.baidu.com...d={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
    CHR Profile: C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
    CHR Extension: (Google Drive) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
    CHR Extension: (YouTube) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
    CHR Extension: (Google Cast) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-31]
    CHR Extension: (Google Search) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
    CHR Extension: (Google Wallet) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-19] (SoftThinks SAS)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
    R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-08-21] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
    R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-07-10] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-07-10] (BitDefender LLC)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-07-29] ()
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-05 13:27 - 2014-12-05 13:28 - 00022382 _____ () C:\Users\SiewYun\Desktop\FRST.txt
    2014-12-05 13:27 - 2014-12-05 13:27 - 00000000 ____D () C:\FRST
    2014-12-05 13:25 - 2014-12-05 13:25 - 02117632 _____ (Farbar) C:\Users\SiewYun\Desktop\FRST64.exe
    2014-12-05 13:23 - 2014-12-05 13:25 - 02153472 _____ () C:\Users\SiewYun\Desktop\adwcleaner_4.104.exe
    2014-12-05 13:21 - 2014-12-05 13:21 - 00001650 _____ () C:\Users\SiewYun\Desktop\JRT.txt
    2014-12-05 13:18 - 2014-12-05 13:18 - 01707646 _____ (Thisisu) C:\Users\SiewYun\Desktop\JRT.exe
    2014-12-04 09:46 - 2014-12-04 10:26 - 00000000 ____D () C:\ProgramData\QvodPlayer
    2014-12-04 02:04 - 2014-12-04 02:04 - 00098608 _____ () C:\Users\SiewYun\Downloads\Extras.Txt
    2014-12-04 02:03 - 2014-12-04 02:03 - 00189826 _____ () C:\Users\SiewYun\Downloads\OTL.Txt
    2014-12-04 01:54 - 2014-12-04 01:54 - 00602112 _____ (OldTimer Tools) C:\Users\SiewYun\Downloads\OTL.exe
    2014-12-04 01:01 - 2014-12-04 01:01 - 02365840 _____ () C:\Users\SiewYun\Downloads\SecurityTaskManager_Setup.exe
    2014-12-03 21:23 - 2014-12-03 21:24 - 00000000 ____D () C:\ProgramData\IObit
    2014-12-03 21:23 - 2014-12-03 21:23 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\IObit
    2014-12-03 21:22 - 2014-12-03 21:23 - 32809520 _____ (IObit ) C:\Users\SiewYun\Downloads\IObit-Malware-Fighter-Setup.exe
    2014-12-03 21:14 - 2014-12-03 21:14 - 00448202 _____ () C:\Users\SiewYun\Downloads\AntiHijackSetup(1).exe
    2014-12-03 21:13 - 2014-12-03 21:13 - 00230744 _____ () C:\Users\SiewYun\Downloads\AntiHijackSetup.exe
    2014-12-01 02:02 - 2014-12-01 02:08 - 00000000 ____D () C:\ProgramData\softthinks
    2014-12-01 02:02 - 2014-09-19 02:13 - 00000114 ____H () C:\DBAR_Ver.txt
    2014-11-29 19:45 - 2014-11-29 19:46 - 00000000 ____D () C:\Users\SiewYun\Desktop\ryan
    2014-11-27 17:06 - 2014-11-27 17:10 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\deskPDF Editor
    2014-11-27 17:05 - 2014-11-27 17:05 - 00000969 _____ () C:\WINDOWS\deskinst.log
    2014-11-27 17:05 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\system32\ddcvt4.exe
    2014-11-27 17:05 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\system32\desksc.exe
    2014-11-27 17:05 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
    2014-11-27 17:04 - 2014-11-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
    2014-11-27 17:04 - 2014-11-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Docudesk
    2014-11-27 17:04 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\SysWOW64\ddcvt4.exe
    2014-11-27 17:04 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\SysWOW64\desksc.exe
    2014-11-27 17:02 - 2014-11-27 17:02 - 00370632 _____ ( ) C:\Users\SiewYun\Downloads\deskPDFStudio-X-WebInstaller_4002.exe
    2014-11-26 10:59 - 2014-11-26 10:59 - 04443312 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2014-11-24 01:17 - 2014-10-31 13:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-11-24 01:17 - 2014-10-31 11:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-11-24 01:17 - 2014-10-13 10:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2014-11-24 01:17 - 2014-10-11 08:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-11-24 01:17 - 2014-10-11 08:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-11-24 01:17 - 2014-10-08 15:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-11-24 01:17 - 2014-10-08 15:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2014-11-24 01:17 - 2014-10-08 14:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2014-11-24 01:17 - 2014-10-08 13:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-11-24 01:17 - 2014-10-08 13:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-11-24 01:17 - 2014-10-07 14:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2014-11-24 01:17 - 2014-10-07 14:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2014-11-24 01:17 - 2014-10-07 11:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2014-11-24 01:17 - 2014-10-07 11:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2014-11-24 01:17 - 2014-10-07 11:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2014-11-24 01:17 - 2014-10-07 09:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2014-11-24 01:17 - 2014-10-07 09:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2014-11-24 01:17 - 2014-09-27 15:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2014-11-24 01:17 - 2014-09-27 13:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2014-11-24 01:17 - 2014-09-27 11:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2014-11-24 01:17 - 2014-09-27 11:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2014-11-24 01:17 - 2014-09-27 11:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2014-11-24 01:17 - 2014-09-22 12:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2014-11-24 01:17 - 2014-09-22 11:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2014-11-24 01:17 - 2014-09-22 11:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2014-11-24 01:17 - 2014-09-22 10:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2014-11-24 01:17 - 2014-09-19 08:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2014-11-24 01:17 - 2014-09-03 06:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
    2014-11-24 01:17 - 2014-09-03 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
    2014-11-24 01:17 - 2014-08-23 13:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-11-24 01:17 - 2014-08-23 13:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-11-24 01:16 - 2014-10-31 13:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
    2014-11-24 01:16 - 2014-10-31 13:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
    2014-11-24 01:16 - 2014-10-31 13:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
    2014-11-24 01:16 - 2014-10-31 13:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
    2014-11-24 01:16 - 2014-10-31 13:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
    2014-11-24 01:16 - 2014-10-31 13:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-11-24 01:16 - 2014-10-31 13:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-11-24 01:16 - 2014-10-31 13:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2014-11-24 01:16 - 2014-10-31 13:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-11-24 01:16 - 2014-10-31 12:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-11-24 01:16 - 2014-10-31 12:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-11-24 01:16 - 2014-10-31 12:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
    2014-11-24 01:16 - 2014-10-31 12:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2014-11-24 01:16 - 2014-10-31 12:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2014-11-24 01:16 - 2014-10-31 12:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-11-24 01:16 - 2014-10-31 12:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-11-24 01:16 - 2014-10-31 12:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-11-24 01:16 - 2014-10-31 12:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-11-24 01:16 - 2014-10-31 12:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-11-24 01:16 - 2014-10-31 12:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
    2014-11-24 01:16 - 2014-10-31 12:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-11-24 01:16 - 2014-10-31 12:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-11-24 01:16 - 2014-10-31 12:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
    2014-11-24 01:16 - 2014-10-31 12:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2014-11-24 01:16 - 2014-10-31 12:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2014-11-24 01:16 - 2014-10-31 12:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-11-24 01:16 - 2014-10-31 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-11-24 01:16 - 2014-10-31 12:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2014-11-24 01:16 - 2014-10-31 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2014-11-24 01:16 - 2014-10-31 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-11-24 01:16 - 2014-10-31 12:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2014-11-24 01:16 - 2014-10-31 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2014-11-24 01:16 - 2014-10-31 12:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2014-11-24 01:16 - 2014-10-31 12:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-11-24 01:16 - 2014-10-31 12:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-11-24 01:16 - 2014-10-31 12:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-11-24 01:16 - 2014-10-31 12:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-11-24 01:16 - 2014-10-31 11:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-11-24 01:16 - 2014-10-31 11:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-11-24 01:16 - 2014-10-31 11:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-11-24 01:16 - 2014-10-31 11:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
    2014-11-24 01:16 - 2014-10-31 11:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-11-24 01:16 - 2014-10-31 11:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
    2014-11-24 01:16 - 2014-10-31 11:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
    2014-11-24 01:16 - 2014-10-31 11:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
    2014-11-24 01:16 - 2014-10-31 11:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
    2014-11-24 01:16 - 2014-10-31 11:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
    2014-11-24 01:16 - 2014-10-31 11:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-11-24 01:16 - 2014-10-31 11:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
    2014-11-24 01:16 - 2014-10-31 11:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-11-24 01:16 - 2014-10-31 11:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2014-11-24 01:16 - 2014-10-31 11:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-11-24 01:16 - 2014-10-31 11:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-11-24 01:16 - 2014-10-31 11:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-11-24 01:16 - 2014-10-31 11:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-11-24 01:16 - 2014-10-31 11:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-11-24 01:16 - 2014-10-31 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-11-24 01:16 - 2014-10-31 11:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
    2014-11-24 01:16 - 2014-10-31 11:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2014-11-24 01:16 - 2014-10-31 11:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2014-11-24 01:16 - 2014-10-31 11:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-11-24 01:16 - 2014-10-31 11:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-11-24 01:16 - 2014-10-31 11:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-11-24 01:16 - 2014-10-31 11:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
    2014-11-24 01:16 - 2014-10-31 11:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-11-24 01:16 - 2014-10-31 10:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2014-11-24 01:16 - 2014-10-31 10:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-11-24 01:16 - 2014-10-31 10:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
    2014-11-24 01:16 - 2014-10-31 10:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-11-24 01:16 - 2014-10-31 10:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2014-11-24 01:16 - 2014-10-31 10:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-11-24 01:16 - 2014-10-31 10:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
    2014-11-24 01:16 - 2014-10-31 10:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-11-24 01:16 - 2014-10-31 10:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2014-11-24 01:16 - 2014-10-31 10:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2014-11-24 01:16 - 2014-10-31 10:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-11-24 01:16 - 2014-10-31 10:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-11-24 01:16 - 2014-10-31 10:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-11-24 01:16 - 2014-10-31 10:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-11-24 01:16 - 2014-10-31 10:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-11-24 01:16 - 2014-10-31 10:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
    2014-11-24 01:16 - 2014-10-31 10:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-11-24 01:16 - 2014-10-31 10:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-11-24 01:16 - 2014-10-31 10:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-11-24 01:15 - 2014-11-10 07:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2014-11-24 01:15 - 2014-11-10 07:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2014-11-24 01:15 - 2014-11-10 07:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2014-11-24 01:15 - 2014-11-10 07:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2014-11-24 01:15 - 2014-10-23 13:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-11-24 01:15 - 2014-10-23 13:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-11-24 01:15 - 2014-10-07 11:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-11-24 01:15 - 2014-09-10 14:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2014-11-24 01:15 - 2014-09-08 11:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-11-24 01:15 - 2014-09-08 11:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-11-24 01:15 - 2014-09-08 06:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-11-24 01:15 - 2014-09-05 06:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-11-24 01:15 - 2014-09-05 06:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-11-24 01:15 - 2014-09-04 11:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2014-11-24 01:15 - 2014-09-04 10:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2014-11-24 01:15 - 2014-09-04 09:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2014-11-24 01:15 - 2014-09-04 08:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2014-11-24 01:15 - 2014-08-31 08:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2014-11-24 01:15 - 2014-08-31 08:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-11-24 01:15 - 2014-08-31 06:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-11-24 01:15 - 2014-08-31 06:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
    2014-11-24 01:15 - 2014-08-31 05:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
    2014-11-24 01:15 - 2014-08-31 05:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2014-11-24 01:15 - 2014-08-31 04:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
    2014-11-24 01:15 - 2014-08-31 04:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2014-11-24 01:15 - 2014-08-28 10:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-11-24 01:15 - 2014-08-28 08:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2014-11-24 01:15 - 2014-08-28 08:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2014-11-24 01:15 - 2014-08-23 13:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-11-24 01:15 - 2014-08-23 13:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-11-24 01:15 - 2014-08-23 12:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2014-11-24 01:15 - 2014-08-02 08:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2014-11-24 01:15 - 2014-08-02 08:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2014-11-24 01:13 - 2014-10-10 09:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2014-11-24 01:13 - 2014-10-10 09:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
    2014-11-24 01:13 - 2014-10-10 09:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2014-11-24 01:13 - 2014-10-08 15:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2014-11-24 01:13 - 2014-10-08 15:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2014-11-24 01:13 - 2014-10-08 15:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2014-11-24 01:13 - 2014-10-08 15:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
    2014-11-24 01:13 - 2014-10-08 14:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2014-11-24 01:13 - 2014-10-08 14:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2014-11-24 01:13 - 2014-10-08 14:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2014-11-24 01:13 - 2014-10-08 14:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2014-11-24 01:13 - 2014-10-08 14:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-11-24 01:13 - 2014-10-08 13:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-11-24 01:12 - 2014-11-05 07:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-11-24 01:12 - 2014-11-04 08:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-11-24 01:12 - 2014-10-31 12:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-11-24 01:12 - 2014-10-31 12:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-11-24 01:12 - 2014-10-31 12:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2014-11-24 01:12 - 2014-10-18 17:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-11-24 01:12 - 2014-10-18 16:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-11-24 01:12 - 2014-10-18 16:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-11-24 01:12 - 2014-10-18 15:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2014-11-24 01:12 - 2014-10-18 14:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-11-24 01:12 - 2014-10-18 14:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-11-24 01:12 - 2014-10-18 14:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-11-24 01:12 - 2014-10-18 14:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-11-24 01:12 - 2014-10-18 14:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-11-24 01:12 - 2014-10-18 14:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-11-24 01:12 - 2014-10-18 14:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-11-24 01:12 - 2014-10-18 14:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-11-24 01:12 - 2014-10-18 14:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-11-24 01:12 - 2014-10-18 14:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-11-24 01:12 - 2014-10-17 15:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2014-11-24 01:12 - 2014-10-17 14:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2014-11-24 01:11 - 2014-10-18 14:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
    2014-11-24 01:11 - 2014-10-18 14:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-11-22 11:49 - 2014-11-22 11:49 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-11-21 19:29 - 2014-11-21 19:29 - 00000000 ____D () C:\ProgramData\BitDefender
    2014-11-21 18:50 - 2014-11-21 18:50 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\LavasoftStatistics
    2014-11-21 18:49 - 2014-11-21 18:49 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
    2014-11-21 18:49 - 2014-11-21 18:49 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2014-11-21 18:49 - 2014-11-21 18:49 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2014-11-21 18:49 - 2014-11-13 18:42 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2014-11-21 18:49 - 2014-11-13 18:42 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2014-11-21 18:48 - 2014-12-01 02:34 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\Lavasoft
    2014-11-21 18:47 - 2014-12-05 11:23 - 00002291 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2014-11-21 18:47 - 2014-12-01 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2014-11-21 18:47 - 2014-07-10 14:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
    2014-11-21 18:46 - 2014-11-21 18:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2014-11-21 18:43 - 2014-11-21 18:43 - 00000000 ____D () C:\Program Files\Lavasoft
    2014-11-21 18:41 - 2014-11-21 18:41 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2014-11-21 18:39 - 2014-12-01 02:34 - 00000000 ____D () C:\ProgramData\Lavasoft
    2014-11-21 18:39 - 2014-11-21 18:39 - 01754248 _____ () C:\Users\SiewYun\Downloads\Adaware_Installer.exe
    2014-11-11 01:28 - 2014-11-21 04:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-11-11 01:28 - 2014-11-21 04:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-05 13:25 - 2013-05-03 19:23 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3391250251-679178658-363545533-1001
    2014-12-05 13:20 - 2014-07-28 11:41 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\CrashDumps
    2014-12-05 13:02 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-12-05 12:30 - 2013-05-07 17:58 - 00001042 _____ () C:\Users\SiewYun\AppData\Roaming\coreavc.ini
    2014-12-05 12:13 - 2014-01-08 23:12 - 00004990 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DAVID_LING-SiewYun David_Ling
    2014-12-05 11:30 - 2013-04-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2014-12-05 11:26 - 2013-09-30 12:10 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-12-05 11:24 - 2013-05-03 12:18 - 00000000 ___DO () C:\Users\SiewYun\SkyDrive
    2014-12-05 11:23 - 2013-05-02 21:28 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-05 11:23 - 2013-05-02 21:28 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-05 11:22 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-05 00:55 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-12-05 00:48 - 2014-10-31 21:38 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA.job
    2014-12-05 00:21 - 2014-08-18 09:36 - 00000000 ____D () C:\XiGua Yingshi
    2014-12-05 00:05 - 2013-12-07 21:48 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-04 23:59 - 2013-07-02 19:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-12-04 13:27 - 2014-07-29 03:25 - 00802416 _____ () C:\WINDOWS\PFRO.log
    2014-12-04 13:26 - 2014-07-28 11:37 - 00000000 ____D () C:\AdwCleaner
    2014-12-04 10:23 - 2013-11-15 19:58 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{607939BC-904D-41B0-9063-7616A68D2E6E}
    2014-12-04 10:18 - 2014-07-29 02:30 - 00000000 ____D () C:\WINDOWS\system32\log
    2014-12-04 10:11 - 2014-07-15 12:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-04 00:40 - 2014-07-29 11:22 - 01851052 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-04 00:22 - 2014-08-07 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2014-12-04 00:16 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-12-03 20:48 - 2014-10-31 21:38 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core.job
    2014-12-01 12:37 - 2013-05-06 01:42 - 00843776 ___SH () C:\Users\SiewYun\Desktop\Thumbs.db
    2014-12-01 02:48 - 2014-08-07 11:30 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
    2014-12-01 02:21 - 2014-07-15 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 02:21 - 2014-07-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-01 02:02 - 2013-05-03 19:23 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\softthinks
    2014-12-01 01:46 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-11-30 16:45 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
    2014-11-29 19:52 - 2014-11-01 19:19 - 00000000 ____D () C:\Users\SiewYun\Desktop\drums
    2014-11-27 10:24 - 2014-10-31 21:02 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-26 20:53 - 2013-11-26 09:36 - 00000000 ____D () C:\Program Files\HLAMFP
    2014-11-26 11:49 - 2013-08-22 22:44 - 00372520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-11-26 11:45 - 2014-07-09 18:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-26 10:59 - 2013-07-02 19:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-11-24 01:20 - 2013-09-04 12:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-24 01:14 - 2013-09-04 12:01 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-23 19:01 - 2014-10-31 21:38 - 00001401 _____ () C:\Users\SiewYun\Desktop\Chromecast.lnk
    2014-11-22 11:49 - 2013-05-02 21:28 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\Google
    2014-11-21 18:46 - 2014-08-24 19:37 - 00002997 _____ () C:\WINDOWS\setupact.log
    2014-11-21 00:12 - 2014-09-04 00:19 - 00025125 _____ () C:\Users\SiewYun\Desktop\MVO Price.xlsx
    2014-11-15 20:43 - 2014-10-31 21:38 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA
    2014-11-15 20:43 - 2014-10-31 21:38 - 00003508 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core
    2014-11-15 14:21 - 2013-05-03 12:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-15 14:18 - 2013-05-02 21:28 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 14:18 - 2013-05-02 21:28 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-12 10:48 - 2013-12-12 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-11 10:57 - 2013-11-16 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-11 01:25 - 2013-09-30 11:58 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-11-11 01:25 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-11-10 09:54 - 2013-11-26 10:56 - 00000000 ____D () C:\Users\SiewYun\Desktop\HLA

    Some content of TEMP:
    ====================
    C:\Users\SiewYun\AppData\Local\Temp\bcada377-9f13-4ea8-b57c-dab7a4256f19.exe
    C:\Users\SiewYun\AppData\Local\Temp\lowproc.exe
    C:\Users\SiewYun\AppData\Local\Temp\Quarantine.exe
    C:\Users\SiewYun\AppData\Local\Temp\sogou_pinyin_7.4.0.3734.exe
    C:\Users\SiewYun\AppData\Local\Temp\SpOrder.dll
    C:\Users\SiewYun\AppData\Local\Temp\sqlite3.dll
    C:\Users\SiewYun\AppData\Local\Temp\stubhelper.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-28 22:08

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
    Ran by SiewYun at 2014-12-05 13:28:23
    Running from C:\Users\SiewYun\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
    AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
    AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    ChromecastApp (HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
    Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
    deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version:  - Docudesk)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
    HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Macromedia Flash Player 8 (HKLM-x32\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    PrivDog (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
    QPostPro 2.5.4.49 (HKLM-x32\...\QPostPro) (Version: 2.5.4.49 - Giosis)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1228.1 - Microsoft Corporation) Hidden
    Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    搜狗拼音输入法 7.4正式版 (HKLM-x32\...\Sogou Input) (Version: 7.4.0.3734 - Sogou.com)
    西瓜 (HKLM-x32\...\西瓜) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    31-10-2014 13:09:56 Installed Videostream Port Fix
    10-11-2014 17:16:56 Windows Update
    21-11-2014 10:39:41 AA11
    26-11-2014 03:36:20 Windows Update
    30-11-2014 17:44:52 Windows Update
    03-12-2014 16:13:55 Removed GeekBuddy.
    03-12-2014 16:15:59 Removed GeekBuddy.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2014-07-28 18:30 - 00000860 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02BC7A06-65F4-4F61-B212-4BE7E3615DC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
    Task: {31526987-434F-4FCC-A70F-1B34FB6E38D3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DAVID_LING-SiewYun David_Ling => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
    Task: {365257A0-7060-43B7-A7D2-C8505BEB375E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {3CB6D3BB-D82F-40AB-8221-A685EBBDF3BD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)
    Task: {444FBF02-E66E-448B-AB10-CC91409F74C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {4F988758-95C7-440F-BE1E-E855F7D4D743} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-24] (Microsoft Corporation)
    Task: {51C1D609-8CE3-4602-BCEB-1E78513C64FC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {5AA21F4B-C5C2-4471-988B-52311EFD68F5} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {5B6D1E43-3744-453A-B962-AA7258AE0377} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)
    Task: {674C2BDA-3BF8-453E-A834-F03D2EC437AF} - System32\Tasks\PPSProtect => C:\Program Files (x86)\PPStream\PPSProtect.exe
    Task: {6951BE63-CEF8-4943-A3CE-3B22569016B4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {6AFD0E36-9D74-4D20-9202-A13D865612EF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {7859DBA7-70BC-4A39-BE42-8F2BA78534C0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {8081C620-B88E-476A-AE11-9C2CB55603D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
    Task: {A5046279-0FB0-4D08-94F5-6973A562B9B1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3391250251-679178658-363545533-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
    Task: {A645A359-4145-400C-B039-35BB6E576DD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
    Task: {AAD44918-BF20-485E-85DA-9097CF9EED2F} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2014-09-26] (Sogou.com Inc.)
    Task: {AD3A9A86-299C-4429-920F-3CC3688AE604} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {DB7D5D6A-C44F-4E39-BC59-ADD79A216E9F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {E7A699E3-ED0B-40F2-B022-188682965B08} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {F459EC66-19BB-4B40-9A69-5946C57DBD02} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {FF2EB3D8-FDD9-43B2-AEB0-AB75E77DCBE8} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA.job => ?

    ==================== Loaded Modules (whitelisted) =============

    2014-11-27 17:05 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
    2014-03-26 10:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-10-15 13:37 - 2014-10-15 13:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
    2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
    2014-10-15 14:04 - 2014-10-15 14:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
    2014-11-21 18:47 - 2014-07-10 14:08 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
    2014-11-21 19:29 - 2014-11-21 19:29 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
    2014-11-21 19:29 - 2014-11-21 19:29 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
    2014-11-21 19:30 - 2014-11-21 19:30 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
    2014-11-21 19:29 - 2014-11-21 19:29 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-08-22 15:19 - 2013-08-22 14:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
    2014-08-14 01:19 - 2014-08-07 16:23 - 01457608 _____ () C:\Program Files (x86)\xigua\2.7.0.32\xgengine.exe
    2014-09-19 02:37 - 2014-07-03 10:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2014-11-15 14:20 - 2014-09-23 21:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-15 14:20 - 2014-11-15 14:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2013-04-27 13:25 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2014-09-19 02:37 - 2014-07-31 06:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2013-04-27 13:30 - 2012-11-26 13:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-09-19 02:37 - 2012-11-26 13:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2013-12-12 15:00 - 2014-11-11 10:57 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\SiewYun\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
    HKLM\...\StartupApproved\Run: => "AdAwareTray"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_43F282E67E516E6330CC88AFFA394C6F"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "PPS Accelerator"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "ImeGuardCom"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "Web Companion"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3391250251-679178658-363545533-500 - Administrator - Disabled)
    Guest (S-1-5-21-3391250251-679178658-363545533-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3391250251-679178658-363545533-1003 - Limited - Enabled)
    SiewYun (S-1-5-21-3391250251-679178658-363545533-1001 - Administrator - Enabled) => C:\Users\SiewYun

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (12/05/2014 01:28:38 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/05/2014 01:28:08 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/05/2014 01:27:38 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/05/2014 01:27:08 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/05/2014 01:26:38 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/05/2014 01:23:33 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/05/2014 01:23:03 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-01 02:28:49.126
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-12-01 02:21:06.285
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-12-01 01:58:40.414
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-30 16:02:40.465
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 20:08:39.680
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 19:56:22.769
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 19:43:48.033
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 10:06:41.064
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-28 00:36:12.701
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-27 17:30:54.419
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-3330S CPU @ 2.70GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3967.57 MB
    Available physical RAM: 1712.55 MB
    Total Pagefile: 6143.57 MB
    Available Pagefile: 4402.45 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:921.61 GB) (Free:713.6 GB) NTFS
    Drive x: () (Fixed) (Total:0.34 GB) (Free:0.05 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:8.43 GB) (Free:0.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D2685EC7)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================



    #6
    eys12345


    JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 8.1 Single Language x64
    Ran by SiewYun on Fri 12/05/2014 at 13:19:55.81
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7F84046E-812F-48EE-92B4-D8E52B87043C}



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
    Successfully deleted: [Folder] "C:\Users\SiewYun\appdata\local\adtrustmedia"
    Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"



    ~~~ FireFox

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup
    Successfully deleted the following from C:\Users\SiewYun\AppData\Roaming\mozilla\firefox\profiles\or5vfbda.default-1417434209467\prefs.js

    user_pref("keyword.URL", "hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=");



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 12/05/2014 at 13:21:40.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     



    #7
    eys12345


    Thanks Expert.

    However, there are files that I can't get rid of:

    QvodExtend_x64.dll, QvodWebBase.dll, QvodWebBase64.dll & QvodWebService.exe

    My comp will just keep prompting me that these apps are running. I've uninstalled this Qvod player thing and manually deleted their files except the files mentioned above.

    Appreciate if you can help me out on this one too. Again, just wanna thank you for your time.


    Edited by eys12345, 05 December 2014 - 12:05 AM.


    #8
    RKinner

      Malware Expert

    Download and save the McAfee Removal tool.
    Run the McAfee uninstall tool (right click and Run As admin), reboot.

    Download and Save the bd uninstaller:
    Run the bd uninstaller (right click and Run As admin).
    Reboot.

    Open Chrome, click on the three bars in the upper right. Click on Settings then under Search, Manage Search Engines:
    Under Default Search Settings, click on Baidu and then on the X at the end of the line. This should delete it. Repeat for any other search engine you do not recognize or use. I usually remove all but Google. Click Done. Now under Search make sure the first box has your favorite search engine.

    Now click on Extensions in the left column. If you see Intel® Identity Protection Technology hit the trash can icon to the right of it.

    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

    I'm going to Orlando in a few minutes so may not be back on line until this evening.



    #9
    eys12345


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
    Ran by SiewYun at 2014-12-06 01:05:23 Run:1
    Running from C:\Users\SiewYun\Desktop\anti virus
    Loaded Profile: SiewYun (Available profiles: SiewYun)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} =>  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
    FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
    FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\3.9.3.12\npbdyy.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll No File
    FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.7.0.32\npxgax.dll ()
    FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
    FF Extension: No Name - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] [Not Found]
    BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    Task: {FF2EB3D8-FDD9-43B2-AEB0-AB75E77DCBE8} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core.job => ?
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA.job => ?
    C:\ProgramData\QvodPlayer
    C:\Program Files (x86)\QvodPlayer
    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
    "HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => Key not found.
    "HKLM\Software\MozillaPlugins\@qvod.com/QvodShare" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/npBdyyPlugin" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1" => Key deleted successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon" => Key deleted successfully.
    "HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@rooms.hp.com" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@xigua.com/npxgax" => Key deleted successfully.
    C:\Program Files (x86)\xigua\2.7.0.32\npxgax.dll => Moved successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@xunlei.com/npxluser" => Key deleted successfully.
    "HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\MozillaPlugins\@qvod.com/QvodInsert" => Key deleted successfully.
    C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll not found.
    "HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\MozillaPlugins\@xunlei.com/npxluser" => Key deleted successfully.
    C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll not found.
    "HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\MozillaPlugins\KuaiWanInsert" => Key deleted successfully.
    C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll not found.
    C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298}" => Key deleted successfully.
    "HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}" => Key not found.
    "HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF2EB3D8-FDD9-43B2-AEB0-AB75E77DCBE8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF2EB3D8-FDD9-43B2-AEB0-AB75E77DCBE8}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Trojan Killer => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer" => Key deleted successfully.
    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core.job => Moved successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA.job => Moved successfully.
    C:\ProgramData\QvodPlayer => Moved successfully.
    C:\Program Files (x86)\QvodPlayer => Moved successfully.

    ==== End of Fixlog ====



    #10
    eys12345


    FRST result:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
    Ran by SiewYun (administrator) on DAVID_LING on 06-12-2014 01:07:53
    Running from C:\Users\SiewYun\Desktop\anti virus
    Loaded Profile: SiewYun (Available profiles: SiewYun)
    Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [SkyDrive] => C:\Users\SiewYun\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [ImeGuardCom] => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.26\SGImeGuard.exe [368760 2014-06-19] (Sogou.com Inc.)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [Google Update] => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-31] (Google Inc.)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\MountPoints2: {700cf3ce-bca8-11e2-be6f-a41f72692a0f} - "F:\WD SmartWare.exe" autoplay=true
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3391250251-679178658-363545533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> DefaultScope {7F84046E-812F-48EE-92B4-D8E52B87043C} URL =
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {FBDA77BE-6BBE-4B77-84E8-9DFDDDDBC313} URL =
    BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    DPF: HKLM-x32 {1FAF427B-1EE5-43D3-A023-3009142AFCE1} https://www2.pbebank...l/csoex_pbb.cab
    DPF: HKLM-x32 {B9B2EE1A-E314-4338-A305-BE845EACB113} https://www2.pbebank...ntrol/csw25.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467
    FF Homepage: https://www.facebook.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-24]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\y57zhh5c.default-1406574551022\extensions
    FF Extension: No Name - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> about:blank
    CHR StartupUrls: Default -> "https://www.facebook.com/", "https://apps.facebook.com/candycrush/?fb_source=bookmark&ref=bookmarks&count=0&fb_bmpos=_0", "https://apps.facebook.com/farmheroes/?type=partner&st1=kinghubs&st2=candycrush&st3=topbanner", "chrome://newtab/", "hxxp://www.hotmail.com/"
    CHR DefaultSearchURL: Default -> http://www.google.co...q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
    CHR Profile: C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
    CHR Extension: (Google Drive) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
    CHR Extension: (YouTube) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
    CHR Extension: (Google Cast) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-31]
    CHR Extension: (Google Search) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
    CHR Extension: (Google Wallet) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-19] (SoftThinks SAS)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-07-29] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-06 00:35 - 2014-12-06 00:41 - 03731400 _____ () C:\Users\SiewYun\Downloads\The_New_Bitdefender_UninstallTool.exe
    2014-12-06 00:31 - 2014-12-06 00:31 - 03480040 _____ (McAfee, Inc.) C:\Users\SiewYun\Downloads\MCPR.exe
    2014-12-05 14:55 - 2014-12-06 01:08 - 00000000 ____D () C:\Users\SiewYun\Desktop\anti virus
    2014-12-05 13:30 - 2014-12-05 13:35 - 00000110 _____ () C:\AdwCleanerDebug.txt
    2014-12-05 13:27 - 2014-12-06 01:07 - 00000000 ____D () C:\FRST
    2014-12-04 02:04 - 2014-12-04 02:04 - 00098608 _____ () C:\Users\SiewYun\Downloads\Extras.Txt
    2014-12-04 02:03 - 2014-12-04 02:03 - 00189826 _____ () C:\Users\SiewYun\Downloads\OTL.Txt
    2014-12-04 01:54 - 2014-12-04 01:54 - 00602112 _____ (OldTimer Tools) C:\Users\SiewYun\Downloads\OTL.exe
    2014-12-04 01:01 - 2014-12-04 01:01 - 02365840 _____ () C:\Users\SiewYun\Downloads\SecurityTaskManager_Setup.exe
    2014-12-03 21:23 - 2014-12-03 21:24 - 00000000 ____D () C:\ProgramData\IObit
    2014-12-03 21:23 - 2014-12-03 21:23 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\IObit
    2014-12-03 21:22 - 2014-12-03 21:23 - 32809520 _____ (IObit ) C:\Users\SiewYun\Downloads\IObit-Malware-Fighter-Setup.exe
    2014-12-03 21:14 - 2014-12-03 21:14 - 00448202 _____ () C:\Users\SiewYun\Downloads\AntiHijackSetup(1).exe
    2014-12-03 21:13 - 2014-12-03 21:13 - 00230744 _____ () C:\Users\SiewYun\Downloads\AntiHijackSetup.exe
    2014-12-01 02:02 - 2014-12-01 02:08 - 00000000 ____D () C:\ProgramData\softthinks
    2014-12-01 02:02 - 2014-09-19 02:13 - 00000114 ____H () C:\DBAR_Ver.txt
    2014-11-29 19:45 - 2014-11-29 19:46 - 00000000 ____D () C:\Users\SiewYun\Desktop\ryan
    2014-11-27 17:06 - 2014-11-27 17:10 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\deskPDF Editor
    2014-11-27 17:05 - 2014-11-27 17:05 - 00000969 _____ () C:\WINDOWS\deskinst.log
    2014-11-27 17:05 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\system32\ddcvt4.exe
    2014-11-27 17:05 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\system32\desksc.exe
    2014-11-27 17:05 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
    2014-11-27 17:04 - 2014-11-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
    2014-11-27 17:04 - 2014-11-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Docudesk
    2014-11-27 17:04 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\SysWOW64\ddcvt4.exe
    2014-11-27 17:04 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\SysWOW64\desksc.exe
    2014-11-27 17:02 - 2014-11-27 17:02 - 00370632 _____ ( ) C:\Users\SiewYun\Downloads\deskPDFStudio-X-WebInstaller_4002.exe
    2014-11-26 10:59 - 2014-11-26 10:59 - 04443312 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2014-11-24 01:17 - 2014-10-31 13:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-11-24 01:17 - 2014-10-31 11:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-11-24 01:17 - 2014-10-13 10:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2014-11-24 01:17 - 2014-10-11 08:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-11-24 01:17 - 2014-10-11 08:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-11-24 01:17 - 2014-10-08 15:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-11-24 01:17 - 2014-10-08 15:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2014-11-24 01:17 - 2014-10-08 14:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2014-11-24 01:17 - 2014-10-08 13:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-11-24 01:17 - 2014-10-08 13:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-11-24 01:17 - 2014-10-07 14:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2014-11-24 01:17 - 2014-10-07 14:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2014-11-24 01:17 - 2014-10-07 11:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2014-11-24 01:17 - 2014-10-07 11:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2014-11-24 01:17 - 2014-10-07 11:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2014-11-24 01:17 - 2014-10-07 09:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2014-11-24 01:17 - 2014-10-07 09:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2014-11-24 01:17 - 2014-09-27 15:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2014-11-24 01:17 - 2014-09-27 13:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2014-11-24 01:17 - 2014-09-27 11:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2014-11-24 01:17 - 2014-09-27 11:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2014-11-24 01:17 - 2014-09-27 11:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2014-11-24 01:17 - 2014-09-22 12:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2014-11-24 01:17 - 2014-09-22 11:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2014-11-24 01:17 - 2014-09-22 11:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2014-11-24 01:17 - 2014-09-22 10:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2014-11-24 01:17 - 2014-09-19 08:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2014-11-24 01:17 - 2014-09-03 06:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
    2014-11-24 01:17 - 2014-09-03 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
    2014-11-24 01:17 - 2014-08-23 13:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-11-24 01:17 - 2014-08-23 13:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-11-24 01:16 - 2014-10-31 13:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
    2014-11-24 01:16 - 2014-10-31 13:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
    2014-11-24 01:16 - 2014-10-31 13:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
    2014-11-24 01:16 - 2014-10-31 13:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
    2014-11-24 01:16 - 2014-10-31 13:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
    2014-11-24 01:16 - 2014-10-31 13:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-11-24 01:16 - 2014-10-31 13:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-11-24 01:16 - 2014-10-31 13:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2014-11-24 01:16 - 2014-10-31 13:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-11-24 01:16 - 2014-10-31 12:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-11-24 01:16 - 2014-10-31 12:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-11-24 01:16 - 2014-10-31 12:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
    2014-11-24 01:16 - 2014-10-31 12:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2014-11-24 01:16 - 2014-10-31 12:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2014-11-24 01:16 - 2014-10-31 12:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-11-24 01:16 - 2014-10-31 12:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-11-24 01:16 - 2014-10-31 12:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-11-24 01:16 - 2014-10-31 12:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-11-24 01:16 - 2014-10-31 12:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-11-24 01:16 - 2014-10-31 12:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
    2014-11-24 01:16 - 2014-10-31 12:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-11-24 01:16 - 2014-10-31 12:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-11-24 01:16 - 2014-10-31 12:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
    2014-11-24 01:16 - 2014-10-31 12:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2014-11-24 01:16 - 2014-10-31 12:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2014-11-24 01:16 - 2014-10-31 12:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-11-24 01:16 - 2014-10-31 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-11-24 01:16 - 2014-10-31 12:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2014-11-24 01:16 - 2014-10-31 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2014-11-24 01:16 - 2014-10-31 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-11-24 01:16 - 2014-10-31 12:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2014-11-24 01:16 - 2014-10-31 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2014-11-24 01:16 - 2014-10-31 12:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2014-11-24 01:16 - 2014-10-31 12:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-11-24 01:16 - 2014-10-31 12:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-11-24 01:16 - 2014-10-31 12:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-11-24 01:16 - 2014-10-31 12:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-11-24 01:16 - 2014-10-31 11:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-11-24 01:16 - 2014-10-31 11:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-11-24 01:16 - 2014-10-31 11:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-11-24 01:16 - 2014-10-31 11:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
    2014-11-24 01:16 - 2014-10-31 11:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-11-24 01:16 - 2014-10-31 11:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
    2014-11-24 01:16 - 2014-10-31 11:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
    2014-11-24 01:16 - 2014-10-31 11:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
    2014-11-24 01:16 - 2014-10-31 11:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
    2014-11-24 01:16 - 2014-10-31 11:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
    2014-11-24 01:16 - 2014-10-31 11:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-11-24 01:16 - 2014-10-31 11:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
    2014-11-24 01:16 - 2014-10-31 11:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-11-24 01:16 - 2014-10-31 11:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2014-11-24 01:16 - 2014-10-31 11:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-11-24 01:16 - 2014-10-31 11:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-11-24 01:16 - 2014-10-31 11:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-11-24 01:16 - 2014-10-31 11:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-11-24 01:16 - 2014-10-31 11:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-11-24 01:16 - 2014-10-31 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-11-24 01:16 - 2014-10-31 11:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
    2014-11-24 01:16 - 2014-10-31 11:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2014-11-24 01:16 - 2014-10-31 11:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2014-11-24 01:16 - 2014-10-31 11:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-11-24 01:16 - 2014-10-31 11:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-11-24 01:16 - 2014-10-31 11:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-11-24 01:16 - 2014-10-31 11:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
    2014-11-24 01:16 - 2014-10-31 11:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-11-24 01:16 - 2014-10-31 10:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2014-11-24 01:16 - 2014-10-31 10:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-11-24 01:16 - 2014-10-31 10:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
    2014-11-24 01:16 - 2014-10-31 10:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-11-24 01:16 - 2014-10-31 10:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2014-11-24 01:16 - 2014-10-31 10:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-11-24 01:16 - 2014-10-31 10:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
    2014-11-24 01:16 - 2014-10-31 10:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-11-24 01:16 - 2014-10-31 10:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2014-11-24 01:16 - 2014-10-31 10:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2014-11-24 01:16 - 2014-10-31 10:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-11-24 01:16 - 2014-10-31 10:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-11-24 01:16 - 2014-10-31 10:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-11-24 01:16 - 2014-10-31 10:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-11-24 01:16 - 2014-10-31 10:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-11-24 01:16 - 2014-10-31 10:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
    2014-11-24 01:16 - 2014-10-31 10:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-11-24 01:16 - 2014-10-31 10:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-11-24 01:16 - 2014-10-31 10:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-11-24 01:15 - 2014-11-10 07:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2014-11-24 01:15 - 2014-11-10 07:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2014-11-24 01:15 - 2014-11-10 07:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2014-11-24 01:15 - 2014-11-10 07:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2014-11-24 01:15 - 2014-10-23 13:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-11-24 01:15 - 2014-10-23 13:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-11-24 01:15 - 2014-10-07 11:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-11-24 01:15 - 2014-09-10 14:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2014-11-24 01:15 - 2014-09-08 11:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-11-24 01:15 - 2014-09-08 11:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-11-24 01:15 - 2014-09-08 06:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-11-24 01:15 - 2014-09-05 06:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-11-24 01:15 - 2014-09-05 06:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-11-24 01:15 - 2014-09-04 11:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2014-11-24 01:15 - 2014-09-04 10:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2014-11-24 01:15 - 2014-09-04 09:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2014-11-24 01:15 - 2014-09-04 08:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2014-11-24 01:15 - 2014-08-31 08:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2014-11-24 01:15 - 2014-08-31 08:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-11-24 01:15 - 2014-08-31 06:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-11-24 01:15 - 2014-08-31 06:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
    2014-11-24 01:15 - 2014-08-31 05:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
    2014-11-24 01:15 - 2014-08-31 05:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2014-11-24 01:15 - 2014-08-31 04:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
    2014-11-24 01:15 - 2014-08-31 04:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2014-11-24 01:15 - 2014-08-28 10:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-11-24 01:15 - 2014-08-28 08:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2014-11-24 01:15 - 2014-08-28 08:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2014-11-24 01:15 - 2014-08-23 13:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-11-24 01:15 - 2014-08-23 13:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-11-24 01:15 - 2014-08-23 12:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2014-11-24 01:15 - 2014-08-02 08:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2014-11-24 01:15 - 2014-08-02 08:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2014-11-24 01:13 - 2014-10-10 09:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2014-11-24 01:13 - 2014-10-10 09:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
    2014-11-24 01:13 - 2014-10-10 09:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2014-11-24 01:13 - 2014-10-08 15:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2014-11-24 01:13 - 2014-10-08 15:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2014-11-24 01:13 - 2014-10-08 15:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2014-11-24 01:13 - 2014-10-08 15:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
    2014-11-24 01:13 - 2014-10-08 14:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2014-11-24 01:13 - 2014-10-08 14:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2014-11-24 01:13 - 2014-10-08 14:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2014-11-24 01:13 - 2014-10-08 14:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2014-11-24 01:13 - 2014-10-08 14:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-11-24 01:13 - 2014-10-08 13:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-11-24 01:12 - 2014-11-05 07:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-11-24 01:12 - 2014-11-04 08:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-11-24 01:12 - 2014-10-31 12:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-11-24 01:12 - 2014-10-31 12:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-11-24 01:12 - 2014-10-31 12:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2014-11-24 01:12 - 2014-10-18 17:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-11-24 01:12 - 2014-10-18 16:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-11-24 01:12 - 2014-10-18 16:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-11-24 01:12 - 2014-10-18 15:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2014-11-24 01:12 - 2014-10-18 14:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-11-24 01:12 - 2014-10-18 14:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-11-24 01:12 - 2014-10-18 14:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-11-24 01:12 - 2014-10-18 14:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-11-24 01:12 - 2014-10-18 14:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-11-24 01:12 - 2014-10-18 14:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-11-24 01:12 - 2014-10-18 14:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-11-24 01:12 - 2014-10-18 14:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-11-24 01:12 - 2014-10-18 14:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-11-24 01:12 - 2014-10-18 14:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-11-24 01:12 - 2014-10-17 15:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2014-11-24 01:12 - 2014-10-17 14:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2014-11-24 01:11 - 2014-10-18 14:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
    2014-11-24 01:11 - 2014-10-18 14:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-11-22 11:49 - 2014-11-22 11:49 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-11-21 18:50 - 2014-11-21 18:50 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\LavasoftStatistics
    2014-11-21 18:49 - 2014-11-21 18:49 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
    2014-11-21 18:49 - 2014-11-21 18:49 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2014-11-21 18:49 - 2014-11-21 18:49 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2014-11-21 18:49 - 2014-11-13 18:42 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2014-11-21 18:49 - 2014-11-13 18:42 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2014-11-21 18:46 - 2014-11-21 18:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2014-11-21 18:39 - 2014-11-21 18:39 - 01754248 _____ () C:\Users\SiewYun\Downloads\Adaware_Installer.exe
    2014-11-11 01:28 - 2014-11-21 04:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-11-11 01:28 - 2014-11-21 04:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-06 01:08 - 2014-01-08 23:12 - 00004990 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DAVID_LING-SiewYun David_Ling
    2014-12-06 01:05 - 2013-04-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2014-12-06 01:03 - 2013-05-03 19:23 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3391250251-679178658-363545533-1001
    2014-12-06 01:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-12-06 00:58 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-06 00:58 - 2013-05-03 12:18 - 00000000 __RDO () C:\Users\SiewYun\SkyDrive
    2014-12-06 00:45 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-12-05 23:42 - 2013-12-07 21:48 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-05 20:58 - 2013-09-30 12:10 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-12-05 14:59 - 2014-07-29 11:22 - 01949631 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-05 13:37 - 2014-07-28 11:37 - 00000000 ____D () C:\AdwCleaner
    2014-12-05 13:20 - 2014-07-28 11:41 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\CrashDumps
    2014-12-05 12:30 - 2013-05-07 17:58 - 00001042 _____ () C:\Users\SiewYun\AppData\Roaming\coreavc.ini
    2014-12-05 00:21 - 2014-08-18 09:36 - 00000000 ____D () C:\XiGua Yingshi
    2014-12-04 13:27 - 2014-07-29 03:25 - 00802416 _____ () C:\WINDOWS\PFRO.log
    2014-12-04 10:23 - 2013-11-15 19:58 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{607939BC-904D-41B0-9063-7616A68D2E6E}
    2014-12-04 10:18 - 2014-07-29 02:30 - 00000000 ____D () C:\WINDOWS\system32\log
    2014-12-04 10:11 - 2014-07-15 12:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-04 00:22 - 2014-08-07 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2014-12-04 00:16 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-12-01 12:37 - 2013-05-06 01:42 - 00843776 ___SH () C:\Users\SiewYun\Desktop\Thumbs.db
    2014-12-01 02:48 - 2014-08-07 11:30 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
    2014-12-01 02:21 - 2014-07-15 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 02:21 - 2014-07-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-01 02:02 - 2013-05-03 19:23 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\softthinks
    2014-12-01 01:46 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-11-30 16:45 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
    2014-11-29 19:52 - 2014-11-01 19:19 - 00000000 ____D () C:\Users\SiewYun\Desktop\drums
    2014-11-27 10:24 - 2014-10-31 21:02 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-26 20:53 - 2013-11-26 09:36 - 00000000 ____D () C:\Program Files\HLAMFP
    2014-11-26 11:49 - 2013-08-22 22:44 - 00372520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-11-26 11:45 - 2014-07-09 18:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-26 10:59 - 2013-07-02 19:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-11-24 01:20 - 2013-09-04 12:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-24 01:14 - 2013-09-04 12:01 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-23 19:01 - 2014-10-31 21:38 - 00001401 _____ () C:\Users\SiewYun\Desktop\Chromecast.lnk
    2014-11-22 11:49 - 2013-05-02 21:28 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\Google
    2014-11-21 18:46 - 2014-08-24 19:37 - 00002997 _____ () C:\WINDOWS\setupact.log
    2014-11-21 00:12 - 2014-09-04 00:19 - 00025125 _____ () C:\Users\SiewYun\Desktop\MVO Price.xlsx
    2014-11-15 20:43 - 2014-10-31 21:38 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA
    2014-11-15 20:43 - 2014-10-31 21:38 - 00003508 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core
    2014-11-15 14:21 - 2013-05-03 12:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-15 14:18 - 2013-05-02 21:28 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 14:18 - 2013-05-02 21:28 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-12 10:48 - 2013-12-12 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-11 10:57 - 2013-11-16 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-11 01:25 - 2013-09-30 11:58 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-11-11 01:25 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-11-10 09:54 - 2013-11-26 10:56 - 00000000 ____D () C:\Users\SiewYun\Desktop\HLA

    Some content of TEMP:
    ====================
    C:\Users\SiewYun\AppData\Local\Temp\bcada377-9f13-4ea8-b57c-dab7a4256f19.exe
    C:\Users\SiewYun\AppData\Local\Temp\lowproc.exe
    C:\Users\SiewYun\AppData\Local\Temp\sogou_pinyin_7.4.0.3734.exe
    C:\Users\SiewYun\AppData\Local\Temp\SpOrder.dll
    C:\Users\SiewYun\AppData\Local\Temp\stubhelper.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-28 22:08

    ==================== End Of Log ============================




    #11
    eys12345

    • Topic Starter

    Additional scan result:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
    Ran by SiewYun at 2014-12-06 01:08:45
    Running from C:\Users\SiewYun\Desktop\anti virus
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    ChromecastApp (HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
    Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
    deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version:  - Docudesk)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
    HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Macromedia Flash Player 8 (HKLM-x32\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    PrivDog (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
    QPostPro 2.5.4.49 (HKLM-x32\...\QPostPro) (Version: 2.5.4.49 - Giosis)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1228.1 - Microsoft Corporation) Hidden
    Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    搜狗拼音输入法 7.4正式版 (HKLM-x32\...\Sogou Input) (Version: 7.4.0.3734 - Sogou.com)
    西瓜 (HKLM-x32\...\西瓜) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3391250251-679178658-363545533-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\SiewYun\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    31-10-2014 13:09:56 Installed Videostream Port Fix
    10-11-2014 17:16:56 Windows Update
    21-11-2014 10:39:41 AA11
    26-11-2014 03:36:20 Windows Update
    30-11-2014 17:44:52 Windows Update
    03-12-2014 16:13:55 Removed GeekBuddy.
    03-12-2014 16:15:59 Removed GeekBuddy.
    05-12-2014 06:56:15 AA11

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2014-07-28 18:30 - 00000860 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02BC7A06-65F4-4F61-B212-4BE7E3615DC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
    Task: {31526987-434F-4FCC-A70F-1B34FB6E38D3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DAVID_LING-SiewYun David_Ling => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
    Task: {365257A0-7060-43B7-A7D2-C8505BEB375E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {3CB6D3BB-D82F-40AB-8221-A685EBBDF3BD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)
    Task: {444FBF02-E66E-448B-AB10-CC91409F74C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {4F988758-95C7-440F-BE1E-E855F7D4D743} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-24] (Microsoft Corporation)
    Task: {51C1D609-8CE3-4602-BCEB-1E78513C64FC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {5AA21F4B-C5C2-4471-988B-52311EFD68F5} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {5B6D1E43-3744-453A-B962-AA7258AE0377} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)
    Task: {674C2BDA-3BF8-453E-A834-F03D2EC437AF} - System32\Tasks\PPSProtect => C:\Program Files (x86)\PPStream\PPSProtect.exe
    Task: {6951BE63-CEF8-4943-A3CE-3B22569016B4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {6AFD0E36-9D74-4D20-9202-A13D865612EF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {7859DBA7-70BC-4A39-BE42-8F2BA78534C0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {8081C620-B88E-476A-AE11-9C2CB55603D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
    Task: {A5046279-0FB0-4D08-94F5-6973A562B9B1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3391250251-679178658-363545533-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
    Task: {A645A359-4145-400C-B039-35BB6E576DD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
    Task: {AAD44918-BF20-485E-85DA-9097CF9EED2F} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2014-09-26] (Sogou.com Inc.)
    Task: {AD3A9A86-299C-4429-920F-3CC3688AE604} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {DB7D5D6A-C44F-4E39-BC59-ADD79A216E9F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {E7A699E3-ED0B-40F2-B022-188682965B08} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {F459EC66-19BB-4B40-9A69-5946C57DBD02} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3391250251-679178658-363545533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

    ==================== Loaded Modules (whitelisted) =============

    2014-11-27 17:05 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
    2014-03-26 10:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-11-15 14:20 - 2014-09-23 21:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-08-22 15:19 - 2013-08-22 14:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
    2014-09-19 02:37 - 2014-07-03 10:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-15 14:20 - 2014-11-15 14:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2013-04-27 13:25 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2014-09-19 02:37 - 2014-07-31 06:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2013-04-27 13:30 - 2012-11-26 13:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-09-19 02:37 - 2012-11-26 13:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2013-12-12 15:00 - 2014-11-11 10:57 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\SiewYun\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
    HKLM\...\StartupApproved\Run: => "AdAwareTray"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_43F282E67E516E6330CC88AFFA394C6F"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "PPS Accelerator"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "ImeGuardCom"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\StartupApproved\Run: => "Web Companion"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3391250251-679178658-363545533-500 - Administrator - Disabled)
    Guest (S-1-5-21-3391250251-679178658-363545533-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3391250251-679178658-363545533-1003 - Limited - Enabled)
    SiewYun (S-1-5-21-3391250251-679178658-363545533-1001 - Administrator - Enabled) => C:\Users\SiewYun

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (12/06/2014 00:58:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    Error: (12/06/2014 00:45:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    Error: (12/06/2014 00:28:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    Error: (12/05/2014 08:52:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-01 02:28:49.126
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-12-01 02:21:06.285
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-12-01 01:58:40.414
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-30 16:02:40.465
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 20:08:39.680
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 19:56:22.769
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 19:43:48.033
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-29 10:06:41.064
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-28 00:36:12.701
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-11-27 17:30:54.419
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-3330S CPU @ 2.70GHz
    Percentage of memory in use: 36%
    Total physical RAM: 3967.57 MB
    Available physical RAM: 2505.98 MB
    Total Pagefile: 6143.57 MB
    Available Pagefile: 4627.69 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:921.61 GB) (Free:713.19 GB) NTFS
    Drive f: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
    Drive x: () (Fixed) (Total:0.34 GB) (Free:0.05 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:8.43 GB) (Free:0.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D2685EC7)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================


    #12
    eys12345

      Member

    • Topic Starter
    • Member
    • 14 posts

    Hi Expert

    They're gone...wow!

    zillion thanks to you :-)


    #13
    RKinner

      Malware Expert

    • Expert
    • 24,748 posts
    • MVP

    I have another fixlist for you.  This one will fix the error we are seeing in your system logs:

    Error: (12/05/2014 08:52:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    This is an old VIPRE driver that did not get removed.

    Your other error

    Error: (12/05/2014 07:42:09 PM) (Source: DCOM) (EventID: 10010) (User: DAVID_LING)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    has a fix:

    http://www.eightforu...em-error-2.html


    #14
    eys12345

      Member

    • Topic Starter
    • Member
    • 14 posts

    Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014
    Ran by SiewYun at 2014-12-06 22:39:05 Run:3
    Running from C:\Users\SiewYun\Desktop\anti virus\FRST
    Loaded Profile: SiewYun (Available profiles: SiewYun)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
    FF Extension: No Name - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] [Not Found]
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]



    *****************

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key not found.
    "HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key not found.
    C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] not found.
    PCDSRVC{D3412D80-CF3B4A27-06020200}_0 => Service not found.
    sbapifs => Service not found.

    ==== End of Fixlog ====


    #15
    eys12345

      Member

    • Topic Starter
    • Member
    • 14 posts

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014
    Ran by SiewYun (administrator) on DAVID_LING on 06-12-2014 22:40:02
    Running from C:\Users\SiewYun\Desktop\anti virus\FRST
    Loaded Profile: SiewYun (Available profiles: SiewYun)
    Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [SkyDrive] => C:\Users\SiewYun\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10240 2013-08-22] (Microsoft Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [ImeGuardCom] => C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.26\SGImeGuard.exe [368760 2014-06-19] (Sogou.com Inc.)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [Google Update] => C:\Users\SiewYun\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-31] (Google Inc.)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\MountPoints2: {700cf3ce-bca8-11e2-be6f-a41f72692a0f} - "F:\WD SmartWare.exe" autoplay=true
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3391250251-679178658-363545533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3391250251-679178658-363545533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> DefaultScope {7F84046E-812F-48EE-92B4-D8E52B87043C} URL =
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-3391250251-679178658-363545533-1001 -> {FBDA77BE-6BBE-4B77-84E8-9DFDDDDBC313} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: XGBHOer Class -> {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} -> C:\Users\Public\Documents\xbho.dll ()
    DPF: HKLM-x32 {1FAF427B-1EE5-43D3-A023-3009142AFCE1} https://www2.pbebank...l/csoex_pbb.cab
    DPF: HKLM-x32 {B9B2EE1A-E314-4338-A305-BE845EACB113} https://www2.pbebank...ntrol/csw25.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467
    FF Homepage: https://www.facebook.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.12.0.5\npxgax.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3391250251-679178658-363545533-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SiewYun\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-24]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-3391250251-679178658-363545533-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\y57zhh5c.default-1406574551022\extensions
    FF Extension: No Name - C:\Users\SiewYun\AppData\Roaming\Mozilla\Firefox\Profiles\or5vfbda.default-1417434209467\extensions\[email protected] [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> about:blank
    CHR StartupUrls: Default -> "https://www.facebook.com/", "https://apps.facebook.com/candycrush/?fb_source=bookmark&ref=bookmarks&count=0&fb_bmpos=_0", "https://apps.facebook.com/farmheroes/?type=partner&st1=kinghubs&st2=candycrush&st3=topbanner", "chrome://newtab/", "hxxp://www.hotmail.com/"
    CHR DefaultSearchURL: Default -> http://www.google.co...q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
    CHR Profile: C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
    CHR Extension: (Google Drive) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
    CHR Extension: (YouTube) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
    CHR Extension: (Google Cast) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-31]
    CHR Extension: (Google Search) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
    CHR Extension: (Google Wallet) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\SiewYun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-19] (SoftThinks SAS)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-07-29] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-06 01:22 - 2014-12-06 01:24 - 00000073 _____ () C:\ckcore.txt
    2014-12-06 01:21 - 2014-12-06 01:21 - 00000000 ____D () C:\Program Files (x86)\xigua
    2014-12-06 01:20 - 2014-12-06 01:24 - 00277960 _____ () C:\Users\Public\Documents\xbho.dll
    2014-12-06 01:19 - 2014-12-06 01:20 - 22328784 _____ (西瓜) C:\Users\SiewYun\Downloads\xigua_Install.exe
    2014-12-06 00:35 - 2014-12-06 00:41 - 03731400 _____ () C:\Users\SiewYun\Downloads\The_New_Bitdefender_UninstallTool.exe
    2014-12-06 00:31 - 2014-12-06 00:31 - 03480040 _____ (McAfee, Inc.) C:\Users\SiewYun\Downloads\MCPR.exe
    2014-12-05 14:55 - 2014-12-06 01:12 - 00000000 ____D () C:\Users\SiewYun\Desktop\anti virus
    2014-12-05 13:30 - 2014-12-06 22:34 - 00000275 _____ () C:\AdwCleanerDebug.txt
    2014-12-05 13:27 - 2014-12-06 22:40 - 00000000 ____D () C:\FRST
    2014-12-04 02:04 - 2014-12-04 02:04 - 00098608 _____ () C:\Users\SiewYun\Downloads\Extras.Txt
    2014-12-04 02:03 - 2014-12-04 02:03 - 00189826 _____ () C:\Users\SiewYun\Downloads\OTL.Txt
    2014-12-04 01:54 - 2014-12-04 01:54 - 00602112 _____ (OldTimer Tools) C:\Users\SiewYun\Downloads\OTL.exe
    2014-12-04 01:01 - 2014-12-04 01:01 - 02365840 _____ () C:\Users\SiewYun\Downloads\SecurityTaskManager_Setup.exe
    2014-12-03 21:23 - 2014-12-03 21:24 - 00000000 ____D () C:\ProgramData\IObit
    2014-12-03 21:23 - 2014-12-03 21:23 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\IObit
    2014-12-03 21:22 - 2014-12-03 21:23 - 32809520 _____ (IObit ) C:\Users\SiewYun\Downloads\IObit-Malware-Fighter-Setup.exe
    2014-12-03 21:14 - 2014-12-03 21:14 - 00448202 _____ () C:\Users\SiewYun\Downloads\AntiHijackSetup(1).exe
    2014-12-03 21:13 - 2014-12-03 21:13 - 00230744 _____ () C:\Users\SiewYun\Downloads\AntiHijackSetup.exe
    2014-12-01 02:02 - 2014-12-01 02:08 - 00000000 ____D () C:\ProgramData\softthinks
    2014-12-01 02:02 - 2014-09-19 02:13 - 00000114 ____H () C:\DBAR_Ver.txt
    2014-11-29 19:45 - 2014-11-29 19:46 - 00000000 ____D () C:\Users\SiewYun\Desktop\ryan
    2014-11-27 17:06 - 2014-11-27 17:10 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\deskPDF Editor
    2014-11-27 17:05 - 2014-11-27 17:05 - 00000969 _____ () C:\WINDOWS\deskinst.log
    2014-11-27 17:05 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\system32\ddcvt4.exe
    2014-11-27 17:05 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\system32\desksc.exe
    2014-11-27 17:05 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
    2014-11-27 17:04 - 2014-11-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
    2014-11-27 17:04 - 2014-11-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Docudesk
    2014-11-27 17:04 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\SysWOW64\ddcvt4.exe
    2014-11-27 17:04 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\SysWOW64\desksc.exe
    2014-11-27 17:02 - 2014-11-27 17:02 - 00370632 _____ ( ) C:\Users\SiewYun\Downloads\deskPDFStudio-X-WebInstaller_4002.exe
    2014-11-26 10:59 - 2014-11-26 10:59 - 04443312 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2014-11-24 01:17 - 2014-10-31 13:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-11-24 01:17 - 2014-10-31 11:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-11-24 01:17 - 2014-10-13 10:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2014-11-24 01:17 - 2014-10-11 08:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-11-24 01:17 - 2014-10-11 08:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-11-24 01:17 - 2014-10-08 15:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-11-24 01:17 - 2014-10-08 15:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2014-11-24 01:17 - 2014-10-08 14:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2014-11-24 01:17 - 2014-10-08 13:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-11-24 01:17 - 2014-10-08 13:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-11-24 01:17 - 2014-10-07 14:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2014-11-24 01:17 - 2014-10-07 14:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2014-11-24 01:17 - 2014-10-07 14:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2014-11-24 01:17 - 2014-10-07 11:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2014-11-24 01:17 - 2014-10-07 11:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2014-11-24 01:17 - 2014-10-07 11:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2014-11-24 01:17 - 2014-10-07 09:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2014-11-24 01:17 - 2014-10-07 09:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2014-11-24 01:17 - 2014-09-27 15:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2014-11-24 01:17 - 2014-09-27 13:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2014-11-24 01:17 - 2014-09-27 11:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2014-11-24 01:17 - 2014-09-27 11:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2014-11-24 01:17 - 2014-09-27 11:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2014-11-24 01:17 - 2014-09-22 12:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2014-11-24 01:17 - 2014-09-22 11:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2014-11-24 01:17 - 2014-09-22 11:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2014-11-24 01:17 - 2014-09-22 10:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2014-11-24 01:17 - 2014-09-19 08:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2014-11-24 01:17 - 2014-09-03 06:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
    2014-11-24 01:17 - 2014-09-03 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
    2014-11-24 01:17 - 2014-08-23 13:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-11-24 01:17 - 2014-08-23 13:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-11-24 01:16 - 2014-10-31 13:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
    2014-11-24 01:16 - 2014-10-31 13:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
    2014-11-24 01:16 - 2014-10-31 13:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
    2014-11-24 01:16 - 2014-10-31 13:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
    2014-11-24 01:16 - 2014-10-31 13:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
    2014-11-24 01:16 - 2014-10-31 13:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-11-24 01:16 - 2014-10-31 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-11-24 01:16 - 2014-10-31 13:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-11-24 01:16 - 2014-10-31 13:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2014-11-24 01:16 - 2014-10-31 13:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-11-24 01:16 - 2014-10-31 12:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-11-24 01:16 - 2014-10-31 12:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-11-24 01:16 - 2014-10-31 12:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
    2014-11-24 01:16 - 2014-10-31 12:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2014-11-24 01:16 - 2014-10-31 12:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2014-11-24 01:16 - 2014-10-31 12:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-11-24 01:16 - 2014-10-31 12:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-11-24 01:16 - 2014-10-31 12:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-11-24 01:16 - 2014-10-31 12:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-11-24 01:16 - 2014-10-31 12:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-11-24 01:16 - 2014-10-31 12:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
    2014-11-24 01:16 - 2014-10-31 12:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-11-24 01:16 - 2014-10-31 12:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-11-24 01:16 - 2014-10-31 12:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
    2014-11-24 01:16 - 2014-10-31 12:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2014-11-24 01:16 - 2014-10-31 12:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2014-11-24 01:16 - 2014-10-31 12:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-11-24 01:16 - 2014-10-31 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-11-24 01:16 - 2014-10-31 12:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2014-11-24 01:16 - 2014-10-31 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2014-11-24 01:16 - 2014-10-31 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-11-24 01:16 - 2014-10-31 12:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2014-11-24 01:16 - 2014-10-31 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2014-11-24 01:16 - 2014-10-31 12:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2014-11-24 01:16 - 2014-10-31 12:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-11-24 01:16 - 2014-10-31 12:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-11-24 01:16 - 2014-10-31 12:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-11-24 01:16 - 2014-10-31 12:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-11-24 01:16 - 2014-10-31 11:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-11-24 01:16 - 2014-10-31 11:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-11-24 01:16 - 2014-10-31 11:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-11-24 01:16 - 2014-10-31 11:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
    2014-11-24 01:16 - 2014-10-31 11:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-11-24 01:16 - 2014-10-31 11:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
    2014-11-24 01:16 - 2014-10-31 11:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
    2014-11-24 01:16 - 2014-10-31 11:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
    2014-11-24 01:16 - 2014-10-31 11:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
    2014-11-24 01:16 - 2014-10-31 11:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
    2014-11-24 01:16 - 2014-10-31 11:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-11-24 01:16 - 2014-10-31 11:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
    2014-11-24 01:16 - 2014-10-31 11:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-11-24 01:16 - 2014-10-31 11:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2014-11-24 01:16 - 2014-10-31 11:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-11-24 01:16 - 2014-10-31 11:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-11-24 01:16 - 2014-10-31 11:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-11-24 01:16 - 2014-10-31 11:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-11-24 01:16 - 2014-10-31 11:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-11-24 01:16 - 2014-10-31 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-11-24 01:16 - 2014-10-31 11:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
    2014-11-24 01:16 - 2014-10-31 11:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2014-11-24 01:16 - 2014-10-31 11:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2014-11-24 01:16 - 2014-10-31 11:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-11-24 01:16 - 2014-10-31 11:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-11-24 01:16 - 2014-10-31 11:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-11-24 01:16 - 2014-10-31 11:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
    2014-11-24 01:16 - 2014-10-31 11:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-11-24 01:16 - 2014-10-31 10:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
    2014-11-24 01:16 - 2014-10-31 10:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2014-11-24 01:16 - 2014-10-31 10:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-11-24 01:16 - 2014-10-31 10:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
    2014-11-24 01:16 - 2014-10-31 10:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-11-24 01:16 - 2014-10-31 10:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2014-11-24 01:16 - 2014-10-31 10:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-11-24 01:16 - 2014-10-31 10:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
    2014-11-24 01:16 - 2014-10-31 10:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-11-24 01:16 - 2014-10-31 10:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2014-11-24 01:16 - 2014-10-31 10:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2014-11-24 01:16 - 2014-10-31 10:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-11-24 01:16 - 2014-10-31 10:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-11-24 01:16 - 2014-10-31 10:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-11-24 01:16 - 2014-10-31 10:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-11-24 01:16 - 2014-10-31 10:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-11-24 01:16 - 2014-10-31 10:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
    2014-11-24 01:16 - 2014-10-31 10:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-11-24 01:16 - 2014-10-31 10:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-11-24 01:16 - 2014-10-31 10:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-11-24 01:15 - 2014-11-10 07:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2014-11-24 01:15 - 2014-11-10 07:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2014-11-24 01:15 - 2014-11-10 07:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2014-11-24 01:15 - 2014-11-10 07:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2014-11-24 01:15 - 2014-10-23 13:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-11-24 01:15 - 2014-10-23 13:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-11-24 01:15 - 2014-10-07 11:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-11-24 01:15 - 2014-09-10 14:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2014-11-24 01:15 - 2014-09-08 11:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-11-24 01:15 - 2014-09-08 11:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-11-24 01:15 - 2014-09-08 06:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-11-24 01:15 - 2014-09-05 06:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-11-24 01:15 - 2014-09-05 06:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-11-24 01:15 - 2014-09-04 11:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2014-11-24 01:15 - 2014-09-04 10:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2014-11-24 01:15 - 2014-09-04 09:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2014-11-24 01:15 - 2014-09-04 08:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2014-11-24 01:15 - 2014-08-31 08:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2014-11-24 01:15 - 2014-08-31 08:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-11-24 01:15 - 2014-08-31 06:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-11-24 01:15 - 2014-08-31 06:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
    2014-11-24 01:15 - 2014-08-31 05:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
    2014-11-24 01:15 - 2014-08-31 05:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2014-11-24 01:15 - 2014-08-31 04:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
    2014-11-24 01:15 - 2014-08-31 04:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2014-11-24 01:15 - 2014-08-28 10:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-11-24 01:15 - 2014-08-28 08:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2014-11-24 01:15 - 2014-08-28 08:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2014-11-24 01:15 - 2014-08-23 13:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-11-24 01:15 - 2014-08-23 13:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-11-24 01:15 - 2014-08-23 12:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2014-11-24 01:15 - 2014-08-02 08:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2014-11-24 01:15 - 2014-08-02 08:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2014-11-24 01:13 - 2014-10-10 09:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2014-11-24 01:13 - 2014-10-10 09:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
    2014-11-24 01:13 - 2014-10-10 09:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2014-11-24 01:13 - 2014-10-08 15:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2014-11-24 01:13 - 2014-10-08 15:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2014-11-24 01:13 - 2014-10-08 15:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2014-11-24 01:13 - 2014-10-08 15:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
    2014-11-24 01:13 - 2014-10-08 14:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2014-11-24 01:13 - 2014-10-08 14:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2014-11-24 01:13 - 2014-10-08 14:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2014-11-24 01:13 - 2014-10-08 14:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2014-11-24 01:13 - 2014-10-08 14:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-11-24 01:13 - 2014-10-08 13:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-11-24 01:12 - 2014-11-05 07:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-11-24 01:12 - 2014-11-04 08:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-11-24 01:12 - 2014-10-31 12:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-11-24 01:12 - 2014-10-31 12:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-11-24 01:12 - 2014-10-31 12:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2014-11-24 01:12 - 2014-10-18 17:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-11-24 01:12 - 2014-10-18 16:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-11-24 01:12 - 2014-10-18 16:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-11-24 01:12 - 2014-10-18 15:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2014-11-24 01:12 - 2014-10-18 14:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-11-24 01:12 - 2014-10-18 14:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-11-24 01:12 - 2014-10-18 14:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-11-24 01:12 - 2014-10-18 14:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-11-24 01:12 - 2014-10-18 14:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-11-24 01:12 - 2014-10-18 14:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-11-24 01:12 - 2014-10-18 14:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-11-24 01:12 - 2014-10-18 14:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-11-24 01:12 - 2014-10-18 14:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-11-24 01:12 - 2014-10-18 14:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-11-24 01:12 - 2014-10-17 15:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2014-11-24 01:12 - 2014-10-17 14:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2014-11-24 01:11 - 2014-10-18 14:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
    2014-11-24 01:11 - 2014-10-18 14:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-11-22 11:49 - 2014-11-22 11:49 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-11-21 18:50 - 2014-11-21 18:50 - 00000000 ____D () C:\Users\SiewYun\AppData\Roaming\LavasoftStatistics
    2014-11-21 18:49 - 2014-11-21 18:49 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
    2014-11-21 18:49 - 2014-11-21 18:49 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2014-11-21 18:49 - 2014-11-21 18:49 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2014-11-21 18:49 - 2014-11-13 18:42 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2014-11-21 18:49 - 2014-11-13 18:42 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2014-11-21 18:46 - 2014-11-21 18:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2014-11-21 18:39 - 2014-11-21 18:39 - 01754248 _____ () C:\Users\SiewYun\Downloads\Adaware_Installer.exe
    2014-11-11 01:28 - 2014-11-21 04:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-11-11 01:28 - 2014-11-21 04:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-06 22:38 - 2013-04-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2014-12-06 22:36 - 2014-07-29 03:25 - 00803346 _____ () C:\WINDOWS\PFRO.log
    2014-12-06 22:36 - 2014-01-08 23:12 - 00004990 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DAVID_LING-SiewYun David_Ling
    2014-12-06 22:36 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-06 22:36 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-12-06 22:36 - 2013-05-03 12:18 - 00000000 ___DO () C:\Users\SiewYun\SkyDrive
    2014-12-06 22:35 - 2014-07-28 11:37 - 00000000 ____D () C:\AdwCleaner
    2014-12-06 22:02 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-12-06 21:54 - 2014-08-18 09:36 - 00000000 ____D () C:\XiGua Yingshi
    2014-12-06 17:34 - 2014-07-29 11:22 - 01066597 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-06 17:17 - 2013-05-03 19:23 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3391250251-679178658-363545533-1001
    2014-12-06 17:12 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-12-06 01:28 - 2014-10-31 21:02 - 00001308 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-06 01:24 - 2014-07-17 00:12 - 00000000 ____D () C:\Users\Public\Documents\temp
    2014-12-05 23:42 - 2013-12-07 21:48 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-05 20:58 - 2013-09-30 12:10 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-12-05 13:20 - 2014-07-28 11:41 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\CrashDumps
    2014-12-05 12:30 - 2013-05-07 17:58 - 00001042 _____ () C:\Users\SiewYun\AppData\Roaming\coreavc.ini
    2014-12-04 10:23 - 2013-11-15 19:58 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{607939BC-904D-41B0-9063-7616A68D2E6E}
    2014-12-04 10:18 - 2014-07-29 02:30 - 00000000 ____D () C:\WINDOWS\system32\log
    2014-12-04 10:11 - 2014-07-15 12:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-04 00:22 - 2014-08-07 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2014-12-01 12:37 - 2013-05-06 01:42 - 00843776 ___SH () C:\Users\SiewYun\Desktop\Thumbs.db
    2014-12-01 02:48 - 2014-08-07 11:30 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
    2014-12-01 02:21 - 2014-07-15 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 02:21 - 2014-07-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-01 02:02 - 2013-05-03 19:23 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\softthinks
    2014-12-01 01:46 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-11-30 16:45 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
    2014-11-29 19:52 - 2014-11-01 19:19 - 00000000 ____D () C:\Users\SiewYun\Desktop\drums
    2014-11-26 20:53 - 2013-11-26 09:36 - 00000000 ____D () C:\Program Files\HLAMFP
    2014-11-26 11:49 - 2013-08-22 22:44 - 00372520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-11-26 11:45 - 2014-07-09 18:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-26 11:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-26 10:59 - 2013-07-02 19:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-11-24 01:20 - 2013-09-04 12:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-24 01:14 - 2013-09-04 12:01 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-23 19:01 - 2014-10-31 21:38 - 00001401 _____ () C:\Users\SiewYun\Desktop\Chromecast.lnk
    2014-11-22 11:49 - 2013-05-02 21:28 - 00000000 ____D () C:\Users\SiewYun\AppData\Local\Google
    2014-11-21 18:46 - 2014-08-24 19:37 - 00002997 _____ () C:\WINDOWS\setupact.log
    2014-11-21 00:12 - 2014-09-04 00:19 - 00025125 _____ () C:\Users\SiewYun\Desktop\MVO Price.xlsx
    2014-11-15 20:43 - 2014-10-31 21:38 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001UA
    2014-11-15 20:43 - 2014-10-31 21:38 - 00003508 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391250251-679178658-363545533-1001Core
    2014-11-15 14:21 - 2013-05-03 12:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-15 14:18 - 2013-05-02 21:28 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 14:18 - 2013-05-02 21:28 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-12 10:48 - 2013-12-12 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-11 10:57 - 2013-11-16 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-11 01:25 - 2013-09-30 11:58 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-11-11 01:25 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-11-11 01:25 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-11-10 09:54 - 2013-11-26 10:56 - 00000000 ____D () C:\Users\SiewYun\Desktop\HLA

    Some content of TEMP:
    ====================
    C:\Users\SiewYun\AppData\Local\Temp\bcada377-9f13-4ea8-b57c-dab7a4256f19.exe
    C:\Users\SiewYun\AppData\Local\Temp\lowproc.exe
    C:\Users\SiewYun\AppData\Local\Temp\Quarantine.exe
    C:\Users\SiewYun\AppData\Local\Temp\sogou_pinyin_7.4.0.3734.exe
    C:\Users\SiewYun\AppData\Local\Temp\SpOrder.dll
    C:\Users\SiewYun\AppData\Local\Temp\sqlite3.dll
    C:\Users\SiewYun\AppData\Local\Temp\stubhelper.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-28 22:08

    ==================== End Of Log ============================

