Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 multiple error msg - Module failed to load [Solved]


  • This topic is locked This topic is locked

#1
Rasuka

Rasuka

    Member

  • Member
  • PipPip
  • 19 posts

Hi all!

 

I have recently run into multiple problems with my computer some which i have fixed and others are still in the progress of fixing. Every time i run my regular programs at start up it causes my computer to be really slow and I get these multiple regsvr32 error messages. I'm not sure if this was due to the recent virus attack which my computer just recovered from or coming from a different source but I've ran Malwarebytes anti-malware and nothing comes up. I also ran mcafee which removed the other virus, and a bunch of other virus scanners online and offline and multiple registry cleaners and nothing comes up.

 

Any help would be greatly appreciated  :D

 

Thanks

 

The following is my OLT log:-

 

OTL logfile created on: 27/12/2014 1:52:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rasuka\Computer stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.86 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 54.23% Memory free
15.73 Gb Paging File | 11.13 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.56 Gb Total Space | 68.42 Gb Free Space | 16.27% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.79 Gb Free Space | 85.54% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 2.77 Gb Free Space | 37.46% Space Free | Partition Type: FAT32
 
Computer Name: RASUKA-PC | User Name: Rasuka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/27 13:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rasuka\Computer stuff\OTL.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/13 10:32:57 | 001,353,672 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
PRC - [2014/12/13 10:32:47 | 000,190,920 | ---- | M] (深圳市迅雷网络技术有限公司) -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\ThunderPlatform.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/10/17 21:52:48 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/05/29 18:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/04/25 04:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/09/19 12:05:54 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013/05/08 02:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/05/30 18:32:26 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/04/16 02:16:54 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/04/06 21:07:40 | 003,244,080 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
PRC - [2012/02/27 06:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/20 18:08:36 | 000,066,608 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
PRC - [2012/02/05 13:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/01/05 16:53:38 | 000,606,208 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
PRC - [2011/12/08 13:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
PRC - [2011/01/29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/26 18:54:10 | 000,133,120 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\fijryhfa\colers.dll
MOD - [2014/12/17 10:54:12 | 000,024,008 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush\WifiDetector\WifiDetector.dll
MOD - [2014/12/13 10:33:00 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\mini_unzip_dll.dll
MOD - [2014/12/13 10:32:59 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll
MOD - [2014/12/13 10:32:51 | 000,077,824 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\zlib1.dll
MOD - [2014/12/13 10:32:51 | 000,053,112 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\XLCrypto.dll
MOD - [2014/12/13 10:32:50 | 000,534,984 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\ts.dll
MOD - [2014/12/13 10:32:50 | 000,129,480 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\tp\tp_proxy.dll
MOD - [2014/12/13 10:32:50 | 000,012,288 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\mini_unzip_dll.dll
MOD - [2014/12/13 10:32:49 | 001,268,168 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\emule_kernel.dll
MOD - [2014/12/13 10:32:49 | 000,143,360 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\libexpat.dll
MOD - [2014/12/13 10:32:49 | 000,019,968 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\minizip.dll
MOD - [2014/12/13 10:32:48 | 000,018,296 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\dl_uac_tool.dll
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/24 18:40:20 | 000,254,408 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\BrowserSupportMoudle.dll
MOD - [2014/10/16 19:23:31 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/16 19:23:12 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/16 19:23:08 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/16 19:22:54 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 19:22:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/16 19:22:50 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/16 19:22:49 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 19:22:45 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 19:22:38 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 19:22:38 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 19:22:35 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/14 19:32:12 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/13 09:23:39 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/11/06 20:27:42 | 000,014,280 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\iEmbed.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/05/30 18:32:24 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/02/20 18:08:36 | 000,089,136 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
MOD - [2012/02/20 18:08:36 | 000,021,040 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
MOD - [2012/01/05 16:53:38 | 000,606,208 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
MOD - [2011/12/08 13:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
MOD - [2011/08/26 10:55:16 | 000,294,912 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll
MOD - [2011/08/11 17:30:04 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax
MOD - [2011/08/11 09:18:08 | 000,413,696 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/04 01:56:22 | 000,562,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/01 13:05:22 | 000,601,864 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2014/07/24 14:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/07/18 08:01:10 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/07/18 07:52:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/05/20 23:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2013/07/17 11:51:24 | 003,377,904 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/07/17 11:50:38 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/07/17 11:50:08 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/07/17 11:49:16 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/11 14:38:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/03/07 04:00:46 | 000,629,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/12/17 15:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2014/12/19 18:38:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/17 20:10:51 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/13 10:33:02 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2014/12/12 22:05:36 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/26 10:23:35 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/10/17 21:52:48 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/05/29 18:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/20 23:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/04/25 04:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/19 12:05:54 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/09/19 12:05:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/25 15:02:22 | 005,434,008 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/11 14:34:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/04/16 02:17:10 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/04/16 02:17:06 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/04/16 02:17:02 | 000,127,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/04/16 02:16:54 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/20 18:08:36 | 000,066,608 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe -- (LenovoSmartConnectService)
SRV - [2012/02/05 13:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/12/27 11:37:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/26 19:52:09 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2014/12/13 05:08:08 | 000,031,376 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/24 13:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/07/24 13:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/07/18 08:10:54 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/07/18 08:01:44 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/07/18 07:55:28 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/07/18 07:52:36 | 000,526,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/07/18 07:50:18 | 000,313,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/07/18 07:49:08 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/05/20 23:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/28 14:13:24 | 000,449,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/23 12:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/05/29 06:10:52 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/03/25 09:46:36 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio.sys -- (WsAudio_Device)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/30 00:05:40 | 000,464,184 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/11/30 00:05:38 | 000,031,032 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/30 18:42:44 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/05/30 18:42:44 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/05/30 17:54:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/06 05:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/02/01 03:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/27 12:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)
DRV:64bit: - [2012/01/26 20:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/01/26 20:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/01/13 02:03:36 | 000,008,192 | ---- | M] (TODO: <Company name>) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LAD.sys -- (LAD)
DRV:64bit: - [2012/01/05 01:26:18 | 000,085,080 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/12/15 02:25:40 | 000,958,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2011/12/05 03:05:26 | 001,600,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/10/10 02:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/10 02:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/20 12:58:18 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011/01/29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/06 02:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/12/12 01:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2013/09/19 12:05:46 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://ca.search.ya...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 46 B0 1B 9E AC CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E9FFB269-B854-4761-8C1C-BC5F324335E3}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://ca.search.ya...com/yhs/search"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3beta1
FF - prefs.js..extensions.enabledAddons: %7B9D2AA73B-6049-4799-B8AC-925723370070%7D:17.0.13
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.17
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.8
FF - prefs.js..extensions.enabledAddons: %7B1B33E42F-EF14-4cd3-B6DC-174571C4349C%7D:4.7
FF - prefs.js..extensions.enabledAddons: %7B5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7%7D:3.0.5
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..extensions.enabledItems: {acc3132b-20bd-4fbc-b390-cc88a56260a4}:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.13: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser:  File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser:  File not found
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/10/17 21:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/03/23 07:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/11/21 10:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9D2AA73B-6049-4799-B8AC-925723370070}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/10/17 21:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/17 20:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/17 20:10:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 05:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/17 20:10:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/17 20:10:41 | 000,000,000 | ---D | M]
 
[2012/08/26 00:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Extensions
[2014/12/21 16:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions
[2014/12/21 20:36:27 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2014/11/11 12:28:25 | 000,000,000 | ---D | M] (CallChannelManager Class) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7}
[2013/04/14 14:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}.oldbackup
[2014/12/19 22:07:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2014/12/10 20:56:39 | 000,065,568 | ---- | M] () (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2014/10/17 12:28:17 | 000,304,133 | ---- | M] () (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/10/08 11:42:15 | 000,009,413 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
[2014/12/17 20:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/17 20:10:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/21 10:40:56 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2014/10/17 21:53:40 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/09/09 18:31:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2014/10/17 21:53:00 | 000,148,552 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9.131_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/12/26 19:45:05 | 000,001,497 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 85.25.79.59 www.google-analytics.com.
O1 - Hosts: 85.25.79.59 google-analytics.com.
O1 - Hosts: 85.25.79.59 connect.facebook.net.
O1 - Hosts: 95.141.32.73 www.google-analytics.com.
O1 - Hosts: 95.141.32.73 google-analytics.com.
O1 - Hosts: 95.141.32.73 connect.facebook.net.
O1 - Hosts: 192.95.55.231 www.google-analytics.com.
O1 - Hosts: 192.95.55.231 google-analytics.com.
O1 - Hosts: 192.95.55.231 connect.facebook.net.
O2:64bit: - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.30.4860.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Aimersoft Video Converter Ultimate 6.1.0) - {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} - C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö×é¼þ) - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [CAPOSD] C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe (LENOVO)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DelaypluginInstall] C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe ()
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Smart Update] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe (Lenovo)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Ofics] C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Thunder] C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe (深圳市迅雷网络技术有限公司)
O4 - HKCU..\Run: [YRPack] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - %SystemRoot%\system32\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - %SystemRoot%\system32\vsocklib.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: DhcpNameServer = 142.204.33.54 142.204.33.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B589234-F4A2-4C6C-9A5A-03E5B07A6BCB}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/10/08 15:31:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/27 12:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/12/27 12:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/12/27 12:31:32 | 000,000,000 | ---D | C] -- C:\20b170f27d12329afa
[2014/12/27 10:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0400030.01B
[2014/12/27 10:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/12/27 10:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/12/27 10:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/12/27 10:17:05 | 000,779,704 | ---- | C] (Symantec) -- C:\Users\Rasuka\Setup.exe
[2014/12/26 22:08:34 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\Computer stuff
[2014/12/26 19:34:26 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Local\IWsoft
[2014/12/26 19:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2014/12/26 18:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
[2014/12/26 18:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegInOut System Utilities
[2014/12/26 18:54:10 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\fijryhfa
[2014/12/26 18:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2014/12/26 18:00:36 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/12/26 18:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/12/26 15:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/12/26 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/12/26 15:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/12/26 14:04:06 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software
[2014/12/26 14:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2014/12/25 10:20:31 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2014/12/24 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Local\CrashRpt
[2014/12/24 20:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2014/12/24 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\SIW Home Edition
[2014/12/24 19:43:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/12/24 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\gnqunwbz
[2014/12/23 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2014/12/23 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\qxdbanzr
[2014/12/23 21:13:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/12/23 21:06:59 | 000,242,376 | ---- | C] (Kaspersky Lab, Yury Parshin) -- C:\Windows\SysNative\drivers\71490227.sys
[2014/12/23 20:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2014/12/23 20:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2014/12/21 18:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/12/21 18:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/21 18:18:04 | 000,880,784 | ---- | C] (Google Inc.) -- C:\Users\Rasuka\ChromeSetup.exe
[2014/12/21 17:40:53 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\qtpcszcz
[2014/12/21 15:32:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/21 15:31:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/21 15:30:52 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\sxkykjhe
[2014/12/21 14:57:50 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\ovqzwhds
[2014/12/21 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\vaovhrak
[2014/12/20 13:41:38 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\Grey's Anatomy
[2014/12/17 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/13 10:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunder Network
[2014/12/13 10:34:41 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
[2014/12/13 10:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thunder Network
[2014/12/13 10:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thunder Network
[2014/12/13 10:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Thunder Network
[2014/12/10 22:03:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/09 23:16:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/06 23:19:49 | 000,894,085 | ---- | C] (JamesR) -- C:\Users\Rasuka\Desktop\Le Bot 8.3.exe
[2014/12/06 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\manga
[2014/12/05 22:02:35 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\Risoquz
[2014/11/29 11:32:43 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\Documents\ËѺüÓ°Òô
[2014/11/29 11:32:32 | 000,000,000 | -H-D | C] -- C:\sohucache
[2014/11/29 11:32:26 | 000,000,000 | ---D | C] -- C:\SHDownload
[2014/11/28 21:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2C24168A-AEF7-4868-818A-2652A8AD4410
[2014/11/28 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Local\22222
[2014/11/27 22:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Knights of Pen and Paper
[2014/11/27 22:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Knights of Pen and Paper
[2014/11/14 22:06:59 | 030,619,240 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Rasuka\SkypeSetupFull.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rasuka\Documents\*.tmp files -> C:\Users\Rasuka\Documents\*.tmp -> ]
[1 C:\Users\Rasuka\AppData\Local\*.tmp files -> C:\Users\Rasuka\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/27 16:38:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/27 16:24:53 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/27 16:15:27 | 000,006,372 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141227154136
[2014/12/27 14:12:20 | 000,001,270 | ---- | M] () -- C:\Users\Rasuka\Desktop\ Mabinogi .lnk
[2014/12/27 13:32:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/12/27 12:46:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/27 12:46:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/27 11:37:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/27 10:55:39 | 000,671,558 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/27 10:55:39 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/27 10:55:38 | 000,791,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/27 10:49:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/27 10:42:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/27 10:17:42 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Rasuka.job
[2014/12/27 10:17:41 | 000,001,428 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2014/12/27 10:17:06 | 000,779,704 | ---- | M] (Symantec) -- C:\Users\Rasuka\Setup.exe
[2014/12/27 10:02:00 | 000,002,910 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141227095652
[2014/12/26 20:13:00 | 000,000,355 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ussclean
[2014/12/26 19:53:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\RegInOut on user logon - Rasuka.job
[2014/12/26 19:52:09 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2014/12/26 19:49:56 | 000,000,235 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2014/12/26 19:45:05 | 000,001,497 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/26 18:55:21 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\RegInOut System Utilities.lnk
[2014/12/26 15:11:16 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2014/12/26 14:03:23 | 000,000,573 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job
[2014/12/26 04:04:30 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014/12/26 04:04:30 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2014/12/25 10:38:28 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2014/12/24 20:16:11 | 000,455,136 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
[2014/12/24 20:15:19 | 000,000,872 | ---- | M] () -- C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk
[2014/12/24 20:15:03 | 000,000,000 | -H-- | M] () -- C:\Users\Rasuka\Documents\Default.rdp
[2014/12/24 20:11:04 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2014/12/24 20:08:37 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/12/24 18:27:21 | 995,996,754 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/12/23 21:06:59 | 000,242,376 | ---- | M] (Kaspersky Lab, Yury Parshin) -- C:\Windows\SysNative\drivers\71490227.sys
[2014/12/23 20:38:04 | 000,000,424 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/12/23 19:19:14 | 000,002,970 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141223191743
[2014/12/22 14:14:36 | 002,011,342 | ---- | M] () -- C:\Users\Rasuka\IMG_20141222_132850.jpg
[2014/12/21 22:09:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/12/21 22:09:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/12/21 18:19:27 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/21 18:15:51 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141221181208
[2014/12/21 17:00:03 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2014/12/21 15:06:34 | 000,002,874 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141221150518
[2014/12/21 15:05:24 | 000,000,304 | ---- | M] () -- C:\Windows\SysNative\TemporarFileConfiguration
[2014/12/20 11:45:41 | 000,014,125 | -H-- | M] () -- C:\Users\Rasuka\8DA7614F897FED714A91D68ED9B7C8C7B164D06C.torrent
[2014/12/19 22:06:25 | 000,001,512 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2014/12/19 11:57:42 | 000,000,865 | ---- | M] () -- C:\Users\Rasuka\Desktop\µTorrent.lnk
[2014/12/13 10:34:45 | 000,000,020 | ---- | M] () -- C:\Windows\SysWow64\pub_store.dat
[2014/12/13 05:08:08 | 000,027,983 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/12/12 18:11:01 | 004,151,176 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/12/12 15:22:57 | 000,002,970 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141212152137
[2014/12/10 15:27:27 | 000,002,874 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141210152457
[2014/12/08 19:34:00 | 000,481,028 | ---- | M] () -- C:\Users\Rasuka\christmas card with border jpg.jpg
[2014/12/08 19:33:37 | 001,533,908 | ---- | M] () -- C:\Users\Rasuka\christmas card with border.psd
[2014/12/08 19:23:20 | 000,024,337 | ---- | M] () -- C:\Users\Rasuka\border.jpg
[2014/12/08 18:44:32 | 000,441,388 | ---- | M] () -- C:\Users\Rasuka\christmas card jpg.jpg
[2014/12/08 18:44:12 | 001,219,808 | ---- | M] () -- C:\Users\Rasuka\christmas card.psd
[2014/12/06 22:16:24 | 000,894,085 | ---- | M] (JamesR) -- C:\Users\Rasuka\Desktop\Le Bot 8.3.exe
[2014/12/03 18:52:07 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/02 11:32:09 | 000,002,874 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141202105225
[2014/11/29 11:59:01 | 000,000,046 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\CoreAVC.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]
[1 C:\Users\Rasuka\Documents\*.tmp files -> C:\Users\Rasuka\Documents\*.tmp -> ]
[1 C:\Users\Rasuka\AppData\Local\*.tmp files -> C:\Users\Rasuka\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/27 13:32:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/12/27 12:39:25 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/12/27 10:17:42 | 000,000,454 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Rasuka.job
[2014/12/27 10:17:41 | 000,001,428 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2014/12/27 10:17:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0400030.01B\isolate.ini
[2014/12/27 10:08:05 | 000,001,942 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/12/27 10:08:05 | 000,001,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2014/12/27 10:08:05 | 000,000,964 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2014/12/27 10:01:59 | 000,002,910 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141227095652
[2014/12/26 19:53:00 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\RegInOut on user logon - Rasuka.job
[2014/12/26 19:52:09 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2014/12/26 19:49:56 | 000,000,235 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2014/12/26 18:55:21 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\RegInOut System Utilities.lnk
[2014/12/26 18:00:37 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2014/12/26 15:11:16 | 000,002,759 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2014/12/26 14:03:23 | 000,000,573 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job
[2014/12/25 10:38:28 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2014/12/25 09:43:59 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014/12/25 09:43:59 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2014/12/24 20:16:11 | 000,455,136 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
[2014/12/24 20:15:19 | 000,000,872 | ---- | C] () -- C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk
[2014/12/24 20:15:03 | 000,000,000 | -H-- | C] () -- C:\Users\Rasuka\Documents\Default.rdp
[2014/12/24 20:10:56 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2014/12/24 20:08:37 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/12/23 19:52:37 | 000,027,983 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/12/23 19:18:56 | 000,002,970 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141223191743
[2014/12/22 14:14:21 | 002,011,342 | ---- | C] () -- C:\Users\Rasuka\IMG_20141222_132850.jpg
[2014/12/21 22:09:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/12/21 22:09:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/12/21 20:25:18 | 000,000,424 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/12/21 18:41:03 | 995,996,754 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/12/21 18:29:08 | 000,001,424 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/12/21 18:19:27 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/21 18:18:45 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/21 18:18:45 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/21 18:15:50 | 000,003,284 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141221181208
[2014/12/21 15:06:30 | 000,002,874 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141221150518
[2014/12/20 11:45:57 | 000,014,125 | -H-- | C] () -- C:\Users\Rasuka\8DA7614F897FED714A91D68ED9B7C8C7B164D06C.torrent
[2014/12/16 09:30:50 | 000,000,304 | ---- | C] () -- C:\Windows\SysNative\TemporarFileConfiguration
[2014/12/13 10:34:45 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2014/12/12 15:22:49 | 000,002,970 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141212152137
[2014/12/10 15:27:26 | 000,002,874 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141210152457
[2014/12/08 19:33:36 | 001,533,908 | ---- | C] () -- C:\Users\Rasuka\christmas card with border.psd
[2014/12/08 19:23:20 | 000,024,337 | ---- | C] () -- C:\Users\Rasuka\border.jpg
[2014/12/08 19:21:43 | 000,481,028 | ---- | C] () -- C:\Users\Rasuka\christmas card with border jpg.jpg
[2014/12/08 18:44:29 | 000,441,388 | ---- | C] () -- C:\Users\Rasuka\christmas card jpg.jpg
[2014/12/08 18:44:09 | 001,219,808 | ---- | C] () -- C:\Users\Rasuka\christmas card.psd
[2014/12/03 18:52:07 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/02 11:32:08 | 000,002,874 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141202105225
[2014/11/29 11:43:10 | 000,000,046 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\CoreAVC.ini
[2014/11/14 22:03:48 | 000,000,017 | ---- | C] () -- C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
[2014/11/13 09:24:33 | 000,096,710 | ---- | C] () -- C:\Users\Rasuka\MyCampus Portal.pdf
[2014/11/06 13:50:48 | 000,023,729 | ---- | C] () -- C:\Users\Rasuka\tease jpg.jpg
[2014/11/06 13:41:57 | 000,188,139 | ---- | C] () -- C:\Users\Rasuka\tease.psd
[2014/11/03 19:26:34 | 001,900,921 | ---- | C] () -- C:\Users\Rasuka\IMG_20141103_190959.jpg
[2014/11/03 19:26:34 | 001,807,737 | ---- | C] () -- C:\Users\Rasuka\IMG_20141103_180608.jpg
[2014/11/03 19:26:33 | 001,954,809 | ---- | C] () -- C:\Users\Rasuka\IMG_20141103_191059.jpg
[2014/11/02 09:42:29 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2014/11/02 09:42:29 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2014/10/02 19:25:29 | 000,000,000 | ---- | C] () -- C:\Users\Rasuka\AppData\Local\{EE8CBE16-41C1-471A-8299-84711C452276}
[2014/09/29 07:32:43 | 000,752,393 | ---- | C] () -- C:\Users\Rasuka\hearts jpg.jpg
[2014/09/29 07:32:25 | 003,567,680 | ---- | C] () -- C:\Users\Rasuka\hearts.psd
[2014/09/25 07:59:19 | 000,123,336 | ---- | C] () -- C:\Users\Rasuka\phone bill.jpg
[2014/09/18 22:06:31 | 000,119,858 | ---- | C] () -- C:\Users\Rasuka\watch.jpg
[2014/09/13 10:36:23 | 088,218,878 | ---- | C] () -- C:\Users\Rasuka\MHR_Chemistry 12 Full Text.pdf
[2014/06/25 19:45:01 | 001,611,020 | ---- | C] () -- C:\Users\Rasuka\3.jpg
[2014/06/25 19:44:51 | 001,720,480 | ---- | C] () -- C:\Users\Rasuka\2.jpg
[2014/06/25 19:44:45 | 001,613,229 | ---- | C] () -- C:\Users\Rasuka\1.jpg
[2014/05/20 23:33:38 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/05/20 23:33:32 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/20 23:33:32 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/31 11:27:10 | 002,445,192 | ---- | C] () -- C:\Users\Rasuka\RHPO April 19 2014.pdf
[2014/03/01 13:45:42 | 000,008,046 | ---- | C] () -- C:\Program Files (x86)\Common Files\setupBanner.jpg
[2014/03/01 13:45:38 | 000,037,607 | ---- | C] () -- C:\Program Files (x86)\Common Files\license.rtf
[2014/02/20 10:28:10 | 000,563,989 | ---- | C] () -- C:\Users\Rasuka\AppData\Local\Fiesta.bin
[2013/12/18 12:03:17 | 000,003,748 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/05/16 08:06:23 | 000,001,102 | ---- | C] () -- C:\Users\Rasuka\pixelavatar96.png
[2013/04/14 13:33:08 | 000,001,872 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/04/12 09:22:06 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/02/15 10:00:00 | 000,089,915 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2013/02/15 09:46:25 | 000,001,355 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\Network Meter_Settings.ini
[2013/01/26 15:28:58 | 000,000,552 | ---- | C] () -- C:\Users\Rasuka\SciTE.session
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/13 11:02:09 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\AC3Filter
[2014/02/17 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Anvil Studio
[2013/04/12 10:07:05 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Azureus
[2014/10/23 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\com.filament.cps
[2014/10/08 08:08:43 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Disney Interactive Studios
[2014/11/22 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Doublefine
[2012/08/29 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\EurekaLog
[2013/12/01 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\FiestaOnline
[2014/12/26 18:54:11 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\fijryhfa
[2012/09/09 18:32:52 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Foxit Software
[2012/08/29 12:14:58 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\GameHouse
[2014/12/24 19:06:18 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\gnqunwbz
[2013/08/01 17:36:47 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Lenovo
[2014/05/09 09:19:17 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\LSC
[2014/08/03 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Oracle
[2014/06/01 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Origin
[2014/12/21 14:57:50 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\ovqzwhds
[2014/12/21 17:40:53 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\qtpcszcz
[2014/12/23 21:48:01 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\qxdbanzr
[2014/12/05 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Risoquz
[2013/07/01 11:52:22 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Rogue Legacy
[2014/12/26 14:04:06 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software
[2014/12/21 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\sxkykjhe
[2014/04/03 21:37:46 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Synthesia
[2014/04/30 19:38:02 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\TeamViewer
[2014/11/01 11:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Usmexe
[2014/12/21 18:11:10 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\uTorrent
[2014/12/21 14:51:25 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\vaovhrak
[2012/12/31 09:32:50 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\WildTangent
[2012/08/26 02:38:32 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Zone.com Deluxe Games
[2013/08/01 10:31:45 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2014/12/13 10:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/12/15 20:53:33 | 000,000,000 | ---D | M](C:\Users\Rasuka\????) -- C:\Users\Rasuka\衝上雲霄
[2014/12/15 20:53:33 | 000,000,000 | ---D | M](C:\Users\Rasuka\????) -- C:\Users\Rasuka\衝上雲霄
[2014/12/15 20:50:50 | 000,000,000 | ---D | C](C:\Users\Rasuka\????) -- C:\Users\Rasuka\衝上雲霄
[2014/12/13 10:35:12 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
[2014/12/13 10:33:57 | 000,001,340 | ---- | M] ()(C:\Users\Rasuka\Desktop\??7.lnk) -- C:\Users\Rasuka\Desktop\迅雷7.lnk
[2014/12/13 10:33:57 | 000,001,340 | ---- | C] ()(C:\Users\Rasuka\Desktop\??7.lnk) -- C:\Users\Rasuka\Desktop\迅雷7.lnk
[2014/12/13 10:33:56 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷
[2014/11/29 11:42:47 | 000,000,000 | ---D | M](C:\Users\Rasuka\Documents\????) -- C:\Users\Rasuka\Documents\搜狐影音
[2014/11/29 11:32:07 | 000,000,000 | ---D | M](C:\Program Files (x86)\????) -- C:\Program Files (x86)\搜狐影音
[2014/11/29 11:32:07 | 000,000,000 | ---D | M](C:\Program Files (x86)\????) -- C:\Program Files (x86)\搜狐影音
[2014/11/29 11:32:07 | 000,000,000 | ---D | C](C:\Users\Rasuka\Documents\????) -- C:\Users\Rasuka\Documents\搜狐影音
[2014/11/29 11:31:58 | 000,001,914 | ---- | M] ()(C:\Users\Rasuka\Desktop\????????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音游戏大厅.lnk
[2014/11/29 11:31:58 | 000,001,914 | ---- | C] ()(C:\Users\Rasuka\Desktop\????????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音游戏大厅.lnk
[2014/11/29 11:31:58 | 000,001,880 | ---- | M] ()(C:\Users\Rasuka\Desktop\????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音.lnk
[2014/11/29 11:31:58 | 000,001,880 | ---- | C] ()(C:\Users\Rasuka\Desktop\????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音.lnk
[2014/11/29 11:31:58 | 000,001,858 | ---- | M] ()(C:\Users\Rasuka\Desktop\???????.lnk) -- C:\Users\Rasuka\Desktop\高清热播影视剧.lnk
[2014/11/29 11:31:58 | 000,001,858 | ---- | C] ()(C:\Users\Rasuka\Desktop\???????.lnk) -- C:\Users\Rasuka\Desktop\高清热播影视剧.lnk
[2014/11/29 11:31:58 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
[2014/11/29 11:31:43 | 000,000,000 | ---D | C](C:\Program Files (x86)\????) -- C:\Program Files (x86)\搜狐影音
[2014/11/29 11:31:22 | 000,000,000 | ---D | M](C:\Users\Rasuka\AppData\Local\Temp?) -- C:\Users\Rasuka\AppData\Local\Temp尰
[2014/11/29 11:31:22 | 000,000,000 | ---D | M](C:\Users\Rasuka\AppData\Local\Temp?) -- C:\Users\Rasuka\AppData\Local\Temp尰
[2014/11/29 11:31:22 | 000,000,000 | ---D | C](C:\Users\Rasuka\AppData\Local\Temp?) -- C:\Users\Rasuka\AppData\Local\Temp尰
[2013/11/16 21:47:04 | 000,291,949 | ---- | C] ()(C:\Users\Rasuka\??_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg) -- C:\Users\Rasuka\穿心_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg
[2013/11/16 21:47:04 | 000,172,689 | ---- | C] ()(C:\Users\Rasuka\????_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg) -- C:\Users\Rasuka\调皮猫咪_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg
[2013/11/14 10:19:56 | 000,172,689 | ---- | M] ()(C:\Users\Rasuka\????_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg) -- C:\Users\Rasuka\调皮猫咪_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg
[2013/11/14 10:18:17 | 000,291,949 | ---- | M] ()(C:\Users\Rasuka\??_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg) -- C:\Users\Rasuka\穿心_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:AD022376
 
< End of report >
 
 
Extras of OLT report:-

OTL Extras logfile created on: 27/12/2014 1:52:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rasuka\Computer stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.86 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 54.23% Memory free
15.73 Gb Paging File | 11.13 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.56 Gb Total Space | 68.42 Gb Free Space | 16.27% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.79 Gb Free Space | 85.54% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 2.77 Gb Free Space | 37.46% Space Free | Partition Type: FAT32
 
Computer Name: RASUKA-PC | User Name: Rasuka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- Reg Error: Value error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- Reg Error: Value error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1A067-60F3-43CB-9065-F1C917648F44}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{104D1B71-AAF9-4A8A-8DD1-07F014E51664}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{35070DCB-038E-418B-84CB-4CD8AAC29912}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{45667F1C-C30B-48EA-A0FF-4DE2BF13A9A7}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) | 
"{484B2891-E04A-4499-86D0-8F40FBB096C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5DE88D52-5033-42C1-B0D6-1F0C46B8BED6}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{847CBF97-83A3-4D6B-95CD-E6F3CBFB0931}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F2319EA-7943-46D7-9434-A4C105C8F707}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BEB03C72-694B-4FD3-AF3F-04249043B8BA}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3F34DEB-3AAF-4C26-89E4-9AC4E1BB6EA8}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{DF2945E1-83F7-49D3-81EE-107EFC3114FB}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FACBFC60-721D-4CFB-92B5-AA8FCF9F87AC}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | 
"{0069A966-4EBC-45F7-B6F3-B486798A0D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate\fate.exe | 
"{010D9DD9-6041-4B7A-98D7-F6F3A3ABA8A9}" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe | 
"{02788419-EB28-4486-BA5E-9A142DC25F8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate undiscovered realms\fate.exe | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03D07441-ABE8-46B6-9EC0-256744B07475}" = protocol=6 | dir=in | app=h:\grandchase\main.exe | 
"{053C5F0C-49A0-41B2-96E1-8CD7DB699866}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe | 
"{05A3672C-97EC-42C4-8A34-56BB3ABA61D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{067A9CA7-8B9D-438C-BFAE-F89125B0FB63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\precipice of darkness 3\rainslick3.exe | 
"{09C63BE8-EC0F-45FA-8CFA-445162D4EBBC}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe | 
"{0A7DD073-4C2D-4970-BA56-2F1F7A6CCEF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\violett\violett.exe | 
"{0EE089C9-CE3C-4075-9EF8-61813676A226}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe | 
"{11132F26-D42C-4105-B5FE-FAD76A96AACE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate undiscovered realms\fate.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{17F88618-0FFD-4F93-9A2C-F96622F05C39}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{21684871-F4D2-480E-B470-628C3A3228B2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{21B56C7C-DD9B-4809-A850-7F0CB528B3F4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{2602887E-FE00-467E-BC79-A8B7E064AA35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds_radeon.exe | 
"{260FCDF2-0FB0-4588-B08E-1B7C226E3752}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe | 
"{288AACA6-F7F3-4058-A2B5-F9578E0CD30E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the critter chronicles\critterchronicles.exe | 
"{32593BB0-3AC1-4B90-8D85-5A24E33F7D71}" = protocol=17 | dir=in | app=h:\grandchase\main.exe | 
"{3E2A8244-8202-467F-B8A2-BCBA3D2DE0BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\precipice of darkness 3\rainslick3.exe | 
"{419B8CE9-F328-4BAE-9E38-5CC3D093D116}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grimm\grimmlauncher.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{4B6F61A9-ADCB-49BF-950B-721C7C82A64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witch's yarn\witchsyarn.exe | 
"{4D6E28F0-0063-4CB2-A4B2-18063106790E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe | 
"{5006C5DD-909D-4E88-A010-F57DDE8B7578}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{510749EB-49E0-402F-B0AA-C14FDBD962AB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{55292CDF-10CA-416E-BC4E-EC2688BF1626}" = protocol=17 | dir=in | app=f:\ntreev\grand chase\main.exe | 
"{55692B89-04D5-471D-8893-948702F6BF30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{5873A86C-9356-41E3-B579-FAF168D2EAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{5AF3CCED-30AD-4404-989B-D0EEF5A39E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe | 
"{60737778-0DFD-44BD-B535-4C7AC90EB1EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the book of unwritten tales\bout.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6898288B-7709-40D8-89F0-CCA5380FADB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CD70CCA-0386-4D13-ADAD-5C7456DA4127}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe | 
"{6D97660C-F5EB-4622-9DDA-2D79BEB4E1CD}" = protocol=6 | dir=in | app=e:\grandchase\main.exe | 
"{72D43BD8-659D-4A93-A9CB-5B0AA255A445}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds_radeon.exe | 
"{760D8847-DDA4-4EF9-B0C9-54B9582B44DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mabinogi\nxsteam.exe | 
"{76897822-5596-49D1-B7FD-25640F0A0EE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{777B1C27-8D17-48B3-A7C9-DC2FC492E474}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe | 
"{77C4689D-AF4C-45E5-BE4B-CA790BF7F8ED}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{78D69872-FEE4-4502-9994-E2FDCE30A238}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{7C37A0AF-4718-4FEC-AD98-C9D74E52CB8B}" = dir=in | app=c:\windows\explorer.exe | 
"{7DAD6D0D-E43C-45D6-8259-134270AA57AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{84E4571D-38B6-4D51-B3C1-ADCC6EC7A012}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86CC45F2-3207-401C-B6DD-29A76B5236DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\violett\violett.exe | 
"{8869860C-6997-4899-BDF5-258F043334B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awalkinthedark\awalkinthedark.exe | 
"{8922BB8C-BCB9-4D51-9AAF-7956D787A733}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe | 
"{8C0A5B25-F4F5-4063-9519-FA6C2F4F5F27}" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe | 
"{8DA8235A-C118-4E9A-B9A6-2FD4B0C9D3A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witch's yarn\witchsyarn.exe | 
"{8DF33EDF-216A-4E05-83E8-CDCF7ADB8BE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\xlbugreport.exe | 
"{93CB9834-F1FB-4554-936D-DF63F594532A}" = protocol=17 | dir=in | app=e:\grandchase\main.exe | 
"{9A124C37-ADB3-497F-85F6-0E3983912A85}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A003B604-1425-42E3-AA36-5138BCAD2AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awalkinthedark\awalkinthedark.exe | 
"{A0310154-7DEA-47D6-93BE-466C63390FE2}" = dir=in | app=c:\windows\system32\rundll32.exe | 
"{A0DED3B8-A189-4A55-A6FC-05B881B7E9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{A1F42A03-D2B8-4124-A705-1333926F9CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{A349783A-6220-48D0-9EF3-7D939E3E2423}" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5665216-FB32-4F90-973F-E706657711F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the critter chronicles\critterchronicles.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ACF15978-6FCA-409B-9638-F01E6B5D81F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mabinogi\nxsteam.exe | 
"{B49F7FD2-9A8F-4BCA-B6FE-8766B5B60F36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grimm\grimmlauncher.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{C4192C3E-1F47-4390-BA2C-80ED9F7A3DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{C6672693-91CE-405F-8408-C92885A9136C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds.exe | 
"{C873ABE0-F83F-4A9D-91DE-2376768576FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe | 
"{CBC1D777-8967-4497-8EA9-D71AFF7F3799}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe | 
"{CC8B7975-B7F0-4B97-BDA1-3D3900AA76BF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D02183BE-EB5D-4439-B645-9A1A4F4C6C86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D0299DF7-6B80-4D5F-98EC-3C303B77A1CC}" = protocol=6 | dir=in | app=f:\ntreev\grand chase\main.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D858E000-E59D-4A60-926D-B394DD997807}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\xlbugreport.exe | 
"{D867AC42-2E41-4F8C-8286-02BD5C55E6A5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DC746A90-2EB7-4BBF-8CA1-8A5A541C821C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate\fate.exe | 
"{DEB4FD0E-E615-46B7-A428-F28898052326}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E158DB0A-C653-499C-B16B-3EB031C9BE19}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe | 
"{E5C0FA6D-0BE2-4E47-942D-B4EC9DB36D14}" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe | 
"{E69583B0-BF70-456D-8AD3-5CC0A3261FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the book of unwritten tales\bout.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9952878-0215-4248-96D7-4442E687523E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{E9A16F03-791C-4443-9C2C-86D9EDCA7C89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe | 
"{EAEB43B7-CC53-4C65-83D3-A8EC9D79CDD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds.exe | 
"{EE665607-F7CD-4D19-B69C-780C701C7ABA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F83006FD-4AE8-4010-A0E8-44257B49745D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{FB2CCAA3-C9DC-4A30-8958-3BD64F765A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{FDF14EE6-F5CE-417F-8E54-1242580B31D3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{5AFAA320-039B-4F5F-B08A-04F65FABBE72}C:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe | 
"TCP Query User{84181305-850B-4CD7-B284-579686D05CE6}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{958D5360-B9D3-44DC-B68E-26D2861D5C4E}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe | 
"TCP Query User{A0E81B93-60FD-4F49-BB35-4EF1CFA4CEB1}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe | 
"TCP Query User{B13481EA-EEB2-42C6-9E0A-A13F42F683DD}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F0571BEE-09C6-41DF-AB49-DE9209314AED}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"UDP Query User{3C15C5F3-A9C9-49E4-A89B-96A9E721ED52}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{567E356C-95BD-448E-92D6-913A3DA35EE3}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"UDP Query User{79F4F4BC-A852-4FD2-8850-918CC642F4FC}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{7F3E8211-B230-45BD-BECE-89499BFD0B0C}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe | 
"UDP Query User{BF9E0703-E871-4F28-8126-27249D356444}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe | 
"UDP Query User{E7F3BD85-2383-48C7-92A5-CFA563E26C78}C:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0927321C-2FD4-43DF-94A6-FC2FB355A7A7}_is1" = SIW x64 Home Edition
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{73ca1ddf-9d19-45f2-ad4c-04169ec13342}" = Intel® PRO/Wireless Driver
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83E68458-AF28-4CA4-8AFC-595A10307290}" = LenovoDrv_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C481E27-751F-48B9-801D-C583F032DA50}" = Intel® PROSet/Wireless WiFi Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"5E61CDC4058A17FE9BE3046B1846F3118CD618B1" = Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2)
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C70C1E-E746-482A-82F9-943F024708CF}" = Alcor Micro USB Card Reader
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}" = Intel® PROSet/Wireless Software
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}" = Lenovo Smart Update
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715AD72D-887A-459E-988B-D4F3E87FA24B}" = Peggle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74A8117D-07C6-4222-AFFD-51421B69DEF0}" = TRENDnet TEW-648UB Wireless N USB Adapter
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{7FBAD091-89F7-4C77-A224-15FF4423C7D2}" = RealDownloader
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87D0541E-7EB4-44AD-8A0D-D951152020C1}" = BlueStacks Notification Center
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}" = Anvil Studio 2012
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}" = Anvil Studio
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}" = Hexic Deluxe
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}" = Bejeweled® 3
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F40CA00E-B365-448A-B146-BC061F1230A0}" = Brownie
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}" = NVIDIA PhysX (Legacy)
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD86651E-5875-4964-9E18-7F128292EBB1}" = Disney Epic Mickey 2
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_ced94c8db6b9767b7dd95a4c64ecdc8" = Adobe Setup
"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 6.4.1.0)
"All Sound Recorder XP_is1" = All Sound Recorder XP 2.30
"AmUStor" = Alcor Micro USB Card Reader
"BlueStacks App Player" = BlueStacks App Player
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Connect" = Connect
"CoreAAC" = CoreAAC
"Costume Quest_is1" = Costume Quest
"Crazy Plant Shop1.1" = Crazy Plant Shop
"Fiesta Online NA" = Fiesta Online NA
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"GOM Video Converter" = GOM Video Converter
"Google Chrome" = Google Chrome
"Granado Espada Online_is1" = Granado Espada Online
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Knights of Pen and Paper_is1" = Knights of Pen and Paper
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"NSS" = Norton Security Scan
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Plants vs. Zombies" = Plants vs. Zombies
"PrintMusic! 2000" = PrintMusic! 2000
"QBeez 2_is1" = QBeez 2
"RealAlt_is1" = Real Alternative 1.8.0
"RegCure" = RegCure
"RegInOut System Utilities_is1" = RegInOut System Utilities
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Ricochet Lost Worlds_is1" = Ricochet Lost Worlds
"Ricochet Xtreme Retail_is1" = Ricochet Xtreme
"Rogue Legacy_is1" = Rogue Legacy version 0.0.0.9
"SharpEye Music Reader 2" = SharpEye Music Reader 2
"Steam App 107100" = Bastion
"Steam App 1930" = Two Worlds: Epic Edition
"Steam App 19680" = Alice: Madness Returns
"Steam App 212200" = Mabinogi
"Steam App 213030" = Penny Arcade's On the Rain-Slick Precipice of Darkness 3
"Steam App 215160" = The Book of Unwritten Tales
"Steam App 221830" = The Book of Unwritten Tales: The Critter Chronicles
"Steam App 23310" = The Last Remnant
"Steam App 246840" = FATE
"Steam App 248730" = A Walk in the Dark
"Steam App 252150" = Grimm
"Steam App 257830" = Violett
"Steam App 276890" = FATE: Undiscovered Realms
"Steam App 287740" = The Witch's Yarn
"Steam App 39140" = FINAL FANTASY VII
"Synthesia" = Synthesia (remove only)
"TeamViewer 9" = TeamViewer 9
"thunder_is1" = ѸÀ×7
"VeriFace" = VeriFace
"VLC media player" = VLC media player
"WinLiveSuite_Wave3" = Windows Live Essentials
"搜狐影音" = 搜狐影音
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/12/2014 10:56:44 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/12/2014 11:12:50 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/12/2014 11:16:33 AM | Computer Name = Rasuka-PC | Source = PerfNet | ID = 2004
Description = 
 
Error - 27/12/2014 11:20:38 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/12/2014 11:20:46 AM | Computer Name = Rasuka-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
 service.  Service did not stop gracefully the last time it was run.     at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error - 27/12/2014 11:30:32 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/12/2014 11:43:42 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/12/2014 11:43:47 AM | Computer Name = Rasuka-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
 service.  Service did not stop gracefully the last time it was run.     at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error - 27/12/2014 3:42:24 PM | Computer Name = Rasuka-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 27/12/2014 3:42:24 PM | Computer Name = Rasuka-PC | Source = VSS | ID = 12298
Description = 
 
[ System Events ]
Error - 27/12/2014 4:07:52 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27/12/2014 4:08:38 PM | Computer Name = Rasuka-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Skype
 Updater service to connect.
 
Error - 27/12/2014 4:43:50 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27/12/2014 5:10:24 PM | Computer Name = Rasuka-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Modules Installer service to connect.
 
Error - 27/12/2014 5:10:24 PM | Computer Name = Rasuka-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%1053
 
Error - 27/12/2014 5:19:54 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27/12/2014 5:43:54 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27/12/2014 6:19:55 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27/12/2014 6:55:58 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27/12/2014 6:55:58 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
 
Lord and I wondered if normal scans should take like a good 6 hours XD

Edited by Rasuka, 27 December 2014 - 05:28 PM.

  • 0

Advertisements


#2
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
I'd like to have another look at the system. Please, do the following:

FRST Scan
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

  • 0

#3
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Attached to this post is the two errors I get upon start up and the following is the logs you requested:

 

FRST Log:-

 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Rasuka (administrator) on RASUKA-PC on 27-12-2014 20:18:42
Running from C:\Users\Rasuka\Computer stuff
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 

Addition Log:-

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Rasuka at 2014-12-27 19:54:54
Running from C:\Users\Rasuka\Computer stuff
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\uTorrent) (Version: 3.4.2.37248 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.37248 - BitTorrent Inc.)
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version:  - )
Crazy Plant Shop (HKLM-x32\...\Crazy Plant Shop1.1) (Version: 1.1 - Foxy Games)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version:  - Paradox Interactive)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
ѸÀ×7 (HKLM-x32\...\thunder_is1) (Version: 7.9.30.4860 - ѸÀ×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version:  - )
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegCure (HKLM-x32\...\RegCure) (Version: 3.0.2.0 - ParetoLogic, Inc.)
RegInOut System Utilities (HKLM-x32\...\RegInOut System Utilities_is1) (Version: 4.0 - SORCIM Technologies Pvt Ltd)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
SIW x64 Home Edition (HKLM\...\{0927321C-2FD4-43DF-94A6-FC2FB355A7A7}_is1) (Version: 2014.10.16 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Rasuka\AppData\Roaming\ovqzwhds\tivesen.dll () <==== ATTENTION
 
==================== Restore Points  =========================
 
24-12-2014 20:24:15 Removed NVIDIA PhysX (Legacy)
26-12-2014 15:05:46 Installed Sophos Virus Removal Tool.
26-12-2014 17:55:38 Installed Realtek Ethernet Controller All-In-One Windows Driver
26-12-2014 18:59:34 RegInOut Restore Point before Repair
26-12-2014 19:23:10 RegInOut Restore Point before Repair
27-12-2014 12:56:16 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {025A6CEF-C5AE-448C-8430-F0DA437902B9} - System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0C9F50CC-E1ED-4DB7-822D-5557292AC80B} - System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0D91EB19-AAB1-4274-8D64-1200DCC7A465} - System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {13A8472B-4D1B-40F8-A876-8CE8A422F41D} - System32\Tasks\RegCure Program Check => C:\Program Files (x86)\RegCure\RegCure.exe [2010-06-13] ()
Task: {185E1C55-F5D1-48F6-AC26-FC3F4438B3EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {21EBCB66-353E-4E1D-AE3F-2D12330C721C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {22854C27-DDEA-4088-A6FF-35D963A7EDF3} - System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {2345D6B0-CAFD-4E59-B8BD-4B090F69CF16} - System32\Tasks\RegCure => C:\Program Files (x86)\RegCure\RegCure.exe [2010-06-13] ()
Task: {2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE} - System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {398A327D-3379-4472-83B5-2FFA6016134A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {3D7C4A06-AD25-4063-8F48-EF7F635906DD} - System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {469E4821-5767-48F5-85FD-9222334165A8} - System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {47F257D5-1098-42A9-BBFE-856B2FAD1054} - System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {50A85377-9038-46E4-9397-BCB36F0563E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {569563BC-0B15-431D-8D21-BB47F30D0003} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5713371C-95A7-4917-ADED-232652F8C983} - System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {6EBE2D24-B182-4F48-A502-0039FF69469B} - System32\Tasks\Microsoft\9a1b17f20e0af55e311550975b4aa24a => C:\Users\Rasuka\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {6EF09F29-7244-4BBF-94CE-D3FE3602FB51} - System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {74299258-8DAF-4BEF-9CDA-F9F30E7729E0} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Rasuka\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION
Task: {749B25FB-5C8B-47A8-844C-B0F33197959E} - System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {8988B92E-0B73-44E3-9435-A8BEE01FC290} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E65973D-8B00-4AE0-BCDF-529573DEE661} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A09EB468-DC96-47AC-95EB-C736B09E190D} - System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {AA8E2498-F463-4421-B4B9-7ED3506F056A} - System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => pcalua.exe -a C:\Users\Rasuka\Downloads\t-engine-launcher.exe -d C:\Users\Rasuka\Downloads
Task: {AE726A4E-DD5B-4253-BF8E-86FE8ACB03D8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {AEC66460-48AF-4979-9C0F-660464DC180A} - System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => pcalua.exe -a "C:\Users\Rasuka\Downloads\Horns 2013\WMP x264 Codec Pack.exe" -d "C:\Users\Rasuka\Downloads\Horns 2013"
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {B8048D3B-84B0-400E-93D7-311832C64D8C} - System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => pcalua.exe -a "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs\overball-setup.exe" -d "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs"
Task: {C4E8C87A-F194-4320-8F46-807C437755C2} - System32\Tasks\4796 => Wscript.exe C:\Users\Rasuka\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB} - System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {E6627E38-1E4B-47A9-BB9B-716B61F7A950} - System32\Tasks\Security Center Update - 2607807786 => C:\Users\Rasuka\AppData\Roaming\Usmexe\uhzut.exe <==== ATTENTION
Task: {E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E} - System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => pcalua.exe -a "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe" -d "C:\Program Files (x86)\Reason\Should I Remove It\"
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: {EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337} - System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {ED767B26-1937-459B-9C14-E6263B654D6B} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {EE9D73D2-AA24-421B-A05C-C075CC325A5B} - System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {FAE7BE10-0F93-4D10-9C7E-4F150E028997} - System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => pcalua.exe -a "C:\Remote Programs\Azteca\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=529250;name=Azteca;dir=C:\Remote Programs\Azteca\;prvid=143;cmdid=1;prvdir=Default
Task: {FEE02C20-EAE0-4317-9099-9B4E19D328C0} - System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Rasuka.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\RegCure Program Check.job => C:\Program Files (x86)\RegCure\regcure.exe
Task: C:\Windows\Tasks\RegCure.job => C:\Program Files (x86)\RegCure\regcure.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\Windows\Tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-29 16:38 - 2014-10-29 16:38 - 03166208 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2014-10-29 16:38 - 2014-10-29 16:38 - 02507776 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-17 21:52 - 2014-10-17 21:52 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-12-13 10:33 - 2014-12-13 10:32 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2014-12-13 10:33 - 2014-12-13 10:32 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00684032 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll
2014-12-13 10:32 - 2014-12-13 10:33 - 00015360 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\mini_unzip_dll.dll
2014-12-26 18:54 - 2014-12-26 18:54 - 00133120 _____ () C:\Users\Rasuka\AppData\Roaming\fijryhfa\colers.dll
2014-12-13 10:32 - 2014-11-24 18:40 - 00254408 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\BrowserSupportMoudle.dll
2014-12-13 10:33 - 2014-12-13 10:32 - 00129480 _____ () C:\Program Files (x86)\Thunder Network\Thunder\tp\tp_proxy.dll
2014-12-13 10:38 - 2013-11-06 20:27 - 00014280 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\iEmbed.dll
2014-12-17 10:54 - 2014-12-17 10:54 - 00024008 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush\WifiDetector\WifiDetector.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00019968 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\minizip.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00077824 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\zlib1.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00143360 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\libexpat.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00012288 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\mini_unzip_dll.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00018296 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\dl_uac_tool.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00053112 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\XLCrypto.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 00534984 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\ts.dll
2014-12-13 10:32 - 2014-12-13 10:32 - 01268168 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\emule_kernel.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:AD022376
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18545332.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29763148.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18545332.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29763148.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: F:\
Description: Card  Reader    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Multiple
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2014 06:41:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 06:41:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2014 06:04:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x269c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (12/27/2014 02:42:24 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{dbb41548-aaaa-11e1-bd66-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/27/2014 02:42:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = c:\PROGRA~1\mcafee\vul\mcvulctr.exe -Embedding; Description = McAfee Vulnerability Scanner; Error = 0x81000101).
 
Error: (12/27/2014 10:43:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2014 10:43:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 10:30:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 10:20:46 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2014 10:20:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/27/2014 07:56:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer XDLOLWTF-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C664B27-4F08-4406-B0A7-0EF30F874AD9}.
The master browser is stopping or an election is being forced.
 
Error: (12/27/2014 07:19:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer XDLOLWTF-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C664B27-4F08-4406-B0A7-0EF30F874AD9}.
The master browser is stopping or an election is being forced.
 
Error: (12/27/2014 07:09:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}
 
Error: (12/27/2014 07:07:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMI Performance Adapter service failed to start due to the following error: 
%%1053
 
Error: (12/27/2014 07:07:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.
 
Error: (12/27/2014 07:01:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Scanner service failed to start due to the following error: 
%%1053
 
Error: (12/27/2014 07:01:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
 
Error: (12/27/2014 07:01:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPod Service service failed to start due to the following error: 
%%1053
 
Error: (12/27/2014 07:01:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
 
Error: (12/27/2014 07:01:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2014 06:41:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 06:41:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2014 06:04:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425269c01d0222962ad851eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc331173f-8e1c-11e4-9b33-047d7bd9bec7
 
Error: (12/27/2014 02:42:24 PM) (Source: VSS) (EventID: 12298) (User: )
Description: \\?\Volume{dbb41548-aaaa-11e1-bd66-806e6f6e6963}\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/27/2014 02:42:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: c:\PROGRA~1\mcafee\vul\mcvulctr.exe -EmbeddingMcAfee Vulnerability Scanner0x81000101
 
Error: (12/27/2014 10:43:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2014 10:43:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 10:30:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 10:20:46 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2014 10:20:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 49%
Total physical RAM: 8053.2 MB
Available physical RAM: 4033.7 MB
Total Pagefile: 16106.39 MB
Available Pagefile: 10736.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:66.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive e: (CoolPad Driver) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Sorry that took so long. The scanner took a while.

Attached Thumbnails

  • IMG_20141227_1844121.jpg
  • IMG_20141227_1844121.jpg

Edited by Rasuka, 27 December 2014 - 07:21 PM.

  • 0

#4
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Are you sure that it is full content of FRST.txt? If it is, please, try again using the instructions below:

FRST Scan

I've noticed that last time you run FRST64 from the folder named Computer stuff. Please, move FRST64.exe to your Desktop.
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Scan button (leave Addition.txt unchecked)
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

  • 0

#5
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

pretty sure it was at the time anyhow I moved it to my desktop and here it is again:-
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Rasuka (administrator) on RASUKA-PC on 27-12-2014 21:28:41
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(深圳市迅雷网络技术有限公司) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(深圳市迅雷网络技术有限公司) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\ThunderPlatform.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => "C:\Users\Rasuka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del5288808] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del8716821] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [YRPack] => regsvr32.exe C:\Users\Rasuka\AppData\Local\YRPack\ExGLCres54.dll <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Thunder] => C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe [1353672 2014-12-13] (深圳市迅雷网络技术有限公司)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Ofics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rasuka\AppData\Local\IWsoft\Dfrgmon2.dll
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YRPack] => regsvr32.exe C:\Users\Rasuka\AppData\Local\YRPack\ExGLCres54.dll <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Thunder] => C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe [1353672 2014-12-13] (深圳市迅雷网络技术有限公司)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ofics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rasuka\AppData\Local\IWsoft\Dfrgmon2.dll
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(752).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - No File
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {279560F9-9C70-4028-9C2D-E477D827903C} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {17AB2B29-6ACE-46AD-8F64-B68BE905FD42} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2FEA9F96-D83A-4CD2-A535-672FE43303CF} URL = http://websearch.ask...CB-3666E76F966D
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...1I7LENN_enCA498
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {70BA3E6B-1059-2266-0B2C-40E4A85231B8} URL = http://www.ddlstart....eferrer:source}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FF5D710C-5738-4FFF-9748-51E1CB0928F1}&mid=c7b73156215347d0b0f2d5343d3d5734-fed77a202c9cf31e9f193f7498c12a3171a40e6f&lang=en&ds=gm011&pr=sa&d=2013-03-26 08:02:34&v=15.0.0.2&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> {E9FFB269-B854-4761-8C1C-BC5F324335E3} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9FFB269-B854-4761-8C1C-BC5F324335E3} URL = http://ca.search.yah...p={SearchTerms}
BHO: ѸÀ×ÏÂÔØÖ§³Ö -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.30.4860.dll (深圳市迅雷网络技术有限公司)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {6C3BC03F-D7B9-43AC-8931-C242E3CAE971} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {341F4DAC-1966-47FF-AACF-0CE175F1498A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll File Not found ()
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll File Not found ()
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll File Not found ()
Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9B589234-F4A2-4C6C-9A5A-03E5B07A6BCB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422646263-2310165737-2160699533-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Thunder Extension - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [2014-12-13]
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: No Name - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}.oldbackup [2013-04-12]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [cdipjefcbnbcjgpgbgmpmcmgbmpjpjae] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [effmnknpfaiehkmalhaggnbglpbkhane] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [cdipjefcbnbcjgpgbgmpmcmgbmpjpjae] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [effmnknpfaiehkmalhaggnbglpbkhane] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cdipjefcbnbcjgpgbgmpmcmgbmpjpjae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - No Path
CHR HKLM-x32\...\Chrome\Extension: [effmnknpfaiehkmalhaggnbglpbkhane] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-12-13] (ShenZhen Xunlei Networking Technologies,LTD)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 21:28 - 2014-12-27 21:28 - 00054546 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2014-12-27 19:18 - 02122752 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2014-12-27 21:31 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-27 13:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 12:39 - 2014-12-27 12:39 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-27 12:36 - 2014-12-27 12:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-27 12:34 - 2014-12-27 12:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-27 10:51 - 2014-12-27 10:51 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-27 10:17 - 2014-12-27 10:17 - 00779704 _____ (Symantec) C:\Users\Rasuka\Setup.exe
2014-12-27 10:17 - 2014-12-27 10:17 - 00001428 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-12-27 10:17 - 2014-12-27 10:17 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Rasuka.job
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\Windows\system32\Drivers\NSSx64
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 22:08 - 2014-12-27 20:18 - 00000000 ____D () C:\Users\Rasuka\Computer stuff
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:34 - 2014-12-26 20:13 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\IWsoft
2014-12-26 19:31 - 2014-12-27 18:40 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2014-12-27 18:40 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:55 - 2014-12-26 18:55 - 00001101 _____ () C:\Users\Public\Desktop\RegInOut System Utilities.lnk
2014-12-26 18:55 - 2014-12-26 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
2014-12-26 18:55 - 2014-12-26 18:55 - 00000000 ____D () C:\Program Files (x86)\RegInOut System Utilities
2014-12-26 18:54 - 2014-12-26 18:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\fijryhfa
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 18:00 - 2014-12-26 18:00 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-26 18:00 - 2011-08-23 21:57 - 00565352 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-12-26 18:00 - 2011-08-23 21:57 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll
2014-12-26 15:13 - 2014-12-26 15:13 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 15:11 - 2014-12-26 15:11 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-26 15:11 - 2014-12-26 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-26 15:09 - 2014-12-26 15:09 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-26 14:04 - 2014-12-26 14:04 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software
2014-12-26 14:03 - 2014-12-26 14:03 - 00000573 _____ () C:\Windows\Tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job
2014-12-26 14:02 - 2014-12-26 17:47 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:16 - 2014-12-24 20:16 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\CrashRpt
2014-12-24 20:15 - 2014-12-24 20:15 - 00000872 _____ () C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 20:10 - 2014-12-24 20:11 - 00000916 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2014-12-24 20:08 - 2014-12-24 20:08 - 00000099 _____ () C:\Windows\Reimage.ini
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 19:06 - 2014-12-24 19:06 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\gnqunwbz
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:21 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\qxdbanzr
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:36 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\Downloads\tdsskiller
2014-12-23 20:36 - 2014-12-23 20:37 - 05198336 _____ (AVAST Software) C:\Users\Rasuka\Downloads\aswMBR.exe
2014-12-23 20:35 - 2014-12-23 20:35 - 04166770 _____ () C:\Users\Rasuka\Downloads\tdsskiller.zip
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2014-12-24 18:59 - 00078336 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:09 - 2014-12-21 22:09 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 19:10 - 2014-12-21 19:10 - 00003136 _____ () C:\Windows\System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C}
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:59 - 2014-12-21 18:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Rasuka\Downloads\HitmanPro_x64.exe
2014-12-21 18:41 - 2014-12-24 18:27 - 995996754 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:29 - 2014-12-22 09:07 - 00001424 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 18:26 - 2014-12-26 20:41 - 00020994 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2014-12-27 21:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2014-12-27 18:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:18 - 2014-12-21 18:18 - 00880784 _____ (Google Inc.) C:\Users\Rasuka\ChromeSetup.exe
2014-12-21 18:16 - 2014-12-27 19:06 - 00547388 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2014-12-27 18:39 - 00001619 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 17:40 - 2014-12-21 17:40 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\qtpcszcz
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2014-12-23 19:53 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:30 - 2014-12-21 15:30 - 02173952 _____ () C:\Users\Rasuka\Downloads\AdwCleaner.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 01707646 _____ (Thisisu) C:\Users\Rasuka\Downloads\JRT.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\sxkykjhe
2014-12-21 15:20 - 2014-12-21 15:21 - 124144376 _____ (Microsoft Corporation) C:\Users\Rasuka\Downloads\msert.exe
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-21 14:57 - 2014-12-21 14:57 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ovqzwhds
2014-12-21 14:51 - 2014-12-21 14:51 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\vaovhrak
2014-12-20 13:41 - 2014-12-21 10:54 - 00000000 ____D () C:\Users\Rasuka\Grey's Anatomy
2014-12-20 11:45 - 2014-12-20 11:45 - 00014125 ____H () C:\Users\Rasuka\8DA7614F897FED714A91D68ED9B7C8C7B164D06C.torrent
2014-12-19 22:07 - 2014-12-22 09:07 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-15 20:50 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Rasuka\衝上雲霄
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\Program Files\Common Files\Thunder Network
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:34 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-13 10:33 - 2014-12-13 14:20 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-12-13 10:33 - 2014-12-13 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷
2014-12-13 10:33 - 2014-12-13 10:33 - 00001340 _____ () C:\Users\Rasuka\Desktop\迅雷7.lnk
2014-12-13 10:32 - 2014-12-21 19:12 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2014-12-13 10:32 - 2014-12-13 10:35 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-12-13 10:28 - 2014-12-13 10:32 - 32010184 _____ (深圳市迅雷网络技术有限公司) C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 19:33 - 2014-12-08 19:33 - 01533908 _____ () C:\Users\Rasuka\christmas card with border.psd
2014-12-08 18:44 - 2014-12-08 18:44 - 01219808 _____ () C:\Users\Rasuka\christmas card.psd
2014-12-06 23:19 - 2014-12-06 22:16 - 00894085 _____ (JamesR) C:\Users\Rasuka\Desktop\Le Bot 8.3.exe
2014-12-06 22:16 - 2014-12-06 22:16 - 00894085 _____ (JamesR) C:\Users\Rasuka\Downloads\Le Bot 8.3.exe
2014-12-06 12:57 - 2014-12-06 15:23 - 00000000 ____D () C:\Users\Rasuka\manga
2014-12-05 22:02 - 2014-12-05 22:04 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Risoquz
2014-12-04 23:29 - 2014-12-04 23:29 - 00000000 ____D () C:\Users\Rasuka\Downloads\Cubis Deluxe + Serial & Cubis Gold 2 + Crack
2014-12-03 18:52 - 2014-12-03 18:52 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 11:32 - 2014-12-02 11:32 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141202105225
2014-11-29 11:43 - 2014-11-29 11:59 - 00000046 _____ () C:\Users\Rasuka\AppData\Roaming\CoreAVC.ini
2014-11-29 11:32 - 2014-12-01 20:33 - 00000000 ___HD () C:\sohucache
2014-11-29 11:32 - 2014-11-29 13:28 - 00000000 ____D () C:\SHDownload
2014-11-29 11:32 - 2014-11-29 11:42 - 00000000 ____D () C:\Users\Rasuka\Documents\搜狐影音
2014-11-29 11:32 - 2014-11-29 11:32 - 00000000 ____D () C:\Users\Rasuka\Documents\ËѺüÓ°Òô
2014-11-29 11:31 - 2014-11-29 11:32 - 00000000 ____D () C:\Program Files (x86)\搜狐影音
2014-11-29 11:31 - 2014-11-29 11:31 - 00001914 _____ () C:\Users\Rasuka\Desktop\搜狐影音游戏大厅.lnk
2014-11-29 11:31 - 2014-11-29 11:31 - 00001880 _____ () C:\Users\Rasuka\Desktop\搜狐影音.lnk
2014-11-29 11:31 - 2014-11-29 11:31 - 00001858 _____ () C:\Users\Rasuka\Desktop\高清热播影视剧.lnk
2014-11-29 11:31 - 2014-11-29 11:31 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Temp尰
2014-11-29 11:31 - 2014-11-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
2014-11-29 11:30 - 2014-11-29 11:31 - 16785352 _____ (搜狐公司 SOHU .COM INC) C:\Users\Rasuka\Downloads\SoHuVA_4.2.0.16-c700001001-x.exe
2014-11-28 21:58 - 2014-11-28 22:02 - 00000000 ____D () C:\Program Files (x86)\2C24168A-AEF7-4868-818A-2652A8AD4410
2014-11-28 21:56 - 2014-11-28 22:09 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\22222
2014-11-27 22:25 - 2014-11-27 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Knights of Pen and Paper
2014-11-27 22:25 - 2014-11-27 22:25 - 00000000 ____D () C:\Program Files (x86)\Knights of Pen and Paper
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 21:40 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 20:23 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2014-12-27 19:17 - 2012-08-26 00:23 - 00049184 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-27 18:51 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 18:50 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-27 18:50 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2014-12-27 18:48 - 2014-11-01 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 18:43 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-27 18:40 - 2012-10-03 23:07 - 03365853 _____ () C:\FaceProv.log
2014-12-27 18:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 17:00 - 2012-08-26 08:05 - 00000416 _____ () C:\Windows\Tasks\RegCure Program Check.job
2014-12-27 15:08 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 14:12 - 2014-10-12 07:15 - 00001270 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2014-12-27 12:46 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 12:46 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 10:17 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 18:00 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-26 09:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:47 - 2012-08-26 00:45 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-12-24 18:27 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 16:12 - 2013-03-18 10:45 - 00000000 ____D () C:\Users\Rasuka\New folder (3)
2014-12-22 15:59 - 2014-11-14 16:07 - 00000000 ____D () C:\Users\Rasuka\Downloads\Flockers-FLT
2014-12-22 15:42 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2014-12-22 09:14 - 2014-09-09 23:15 - 00022592 _____ () C:\Users\Rasuka\clickerHeroSave.txt
2014-12-22 09:07 - 2012-08-25 23:50 - 00001418 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 18:11 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-21 08:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-19 11:57 - 2014-11-07 22:27 - 00000865 _____ () C:\Users\Rasuka\Desktop\µTorrent.lnk
2014-12-19 11:57 - 2013-09-13 15:58 - 00000845 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 21:40 - 2013-06-10 13:48 - 00000000 ____D () C:\Users\Rasuka\New folder (4)
2014-12-17 18:41 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2014-12-14 15:01 - 2012-08-28 21:34 - 00000000 ____D () C:\Users\Rasuka\Documents\Youcam
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-03 18:52 - 2014-11-01 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:52 - 2014-11-01 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-02 14:56 - 2014-05-09 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-12-02 14:55 - 2014-05-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-28 09:25 - 2012-08-26 00:29 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Adobe
2014-11-28 09:25 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
 
Files to move or delete:
====================
C:\Users\Rasuka\ChromeSetup.exe
C:\Users\Rasuka\Setup.exe
C:\Users\Rasuka\SkypeSetupFull.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================

  • 0

#6
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

whatever the problem seems to be it also is causing my computer to take centuries to run a program, run multiple iexplore.exe processes and run at 100% CPU usage which have never happened before


  • 0

#7
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Alright, some things to do first.

P2P Warning

I noticed that you have or have had a P2P (Peer-to-Peer) file sharing program on your machine:
  • µTorrent
It is important to stay away from them as they are used to share pirated material. The programs themselves can be safe, but majority of the files shared through them is infected.

Some of things to keep in mind when using P2P programs:
  • Your computer is more likely to get infected with malware, which will result in coming back to our or other forums for help.
  • You may have your important data stolen, including passwords, photos or personal information.
  • You help to share pirated material, which may result in arrest, fines, or even jail time for illegal downloads of copyrighted material.
If I still didn't convince you, please read these short reports about how dangerous it can be to use P2P programs:Whether you remove them or not is your decision. Though I strongly recommend you to uninstall your P2P programs as they most likely will cause problems in the future.

If you choose not to remove them, please refrain from using them until we are done on cleaning your computer.

 
CKScanner
  • Download CKScanner and save it to your Desktop.
  • Right click CKScanner.exe and select Run as administrator.
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt on your desktop and copy/paste the content in your next reply.

  • 0

#8
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

As advised I uninstalled uTorrent and here is the file you requested for:-

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\gamigo\fiesta online na\reschar\archer-f\crackerashurboots.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerashurpants.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerashurshirt.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerashurshirt_br.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerashurshirt_ch.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerashurshirt_sh.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerglenirboots.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerglenirpants.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerglenirpants_th.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerglenirshirt.dds
c:\gamigo\fiesta online na\reschar\archer-f\crackerglenirshirt_sh.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerashurboots.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerashurpants.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerashurshirt.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerashurshirt_br.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerashurshirt_sh.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerashurshirt_ua.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerglenirboots.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerglenirpants.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerglenirshirt.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerglenirshirt_ch.dds
c:\gamigo\fiesta online na\reschar\archer-m\crackerglenirshirt_sh.dds
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar.kfm
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar.nif
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_ac_down_atk.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_attack.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_critical.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_damage.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_die.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_drainsp.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_normal_atk.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_normal_wide.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_run.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_stand.kf
c:\gamigo\fiesta online na\reschar\b_crackerhumar\b_crackerhumar_root_walk.kf
c:\gamigo\fiesta online na\reschar\cleric-f\crackerascalonarmor.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackerascalonarmor_sh.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackerascalonboots.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackerascalonpants.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackerascalonpants_belt.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackermarbesarmor.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackermarbesboots.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackermarbespants.dds
c:\gamigo\fiesta online na\reschar\cleric-f\crackermarbespants_belt.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackerascalonarmor.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackerascalonarmor_sh.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackerascalonboots.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackerascalonpants.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackerascalonpants_belt.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackermarbesarmor.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackermarbesboots.dds
c:\gamigo\fiesta online na\reschar\cleric-m\crackermarbespants.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackerascalonarmor_br.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackerascalonarmor_ch.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackercchulainnshirt_br.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackercchulainnshirt_sh.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackerglenirshirt_br.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackermarbesarmor_br.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackermarbesarmor_sh.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackerthanatosarmor_br.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackerthanatosarmor_m.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackerthanatosarmor_ua.dds
c:\gamigo\fiesta online na\reschar\common\_c_crackervelundshirt_back.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerandrasarmor.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerandrasarmor_br.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerandrasarmor_sh.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerandrasboots.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerandraspants.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerandraspants_belt.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerdantalionarmor.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerdantalionboots.dds
c:\gamigo\fiesta online na\reschar\fighter-f\crackerdantalionpants.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerandrasarmor.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerandrasarmor_br.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerandrasarmor_sh.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerandrasboots.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerandraspants.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerandraspants_belt.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerdantalionarmor.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerdantalionarmor_br.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerdantalionboots.dds
c:\gamigo\fiesta online na\reschar\fighter-m\crackerdantalionpants.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerhoralarmor.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerhoralarmor_br.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerhoralboots.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerhoralpants.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerthanatosarmor.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerthanatosboots.dds
c:\gamigo\fiesta online na\reschar\joker-f\crackerthanatospants.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerhoralarmor.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerhoralarmor_br.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerhoralboots.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerhoralpants.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerthanatosarmor.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerthanatosboots.dds
c:\gamigo\fiesta online na\reschar\joker-m\crackerthanatospants.dds
c:\gamigo\fiesta online na\reschar\kingcrab\emperorcarb_crackbip01_skill5.kf
c:\gamigo\fiesta online na\reschar\kingcrab\emperorcrab_crackbip01_skill1.kf
c:\gamigo\fiesta online na\reschar\kingcrab\emperorcrab_crackbip01_skill2.kf
c:\gamigo\fiesta online na\reschar\kingcrab\emperorcrab_crackbip01_skill3.kf
c:\gamigo\fiesta online na\reschar\kingcrab\emperorcrab_crackbip01_skill3_2.kf
c:\gamigo\fiesta online na\reschar\kingcrab\emperorcrab_crackbip01_skill3_cast.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_attack.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_critical.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_damage.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_dash.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_die.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_knockback00.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_knockback01.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_knockback02.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_run.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_stand.kf
c:\gamigo\fiesta online na\reschar\kingcrab\kingcrab_crackbip01_walk.kf
c:\gamigo\fiesta online na\reschar\mage-f\crackercchulainnboots.dds
c:\gamigo\fiesta online na\reschar\mage-f\crackercchulainnpants.dds
c:\gamigo\fiesta online na\reschar\mage-f\crackercchulainnshirt.dds
c:\gamigo\fiesta online na\reschar\mage-f\crackervelundboots.dds
c:\gamigo\fiesta online na\reschar\mage-f\crackervelundpants.dds
c:\gamigo\fiesta online na\reschar\mage-f\crackervelundshirt.dds
c:\gamigo\fiesta online na\reschar\mage-m\crackercchulainnboots.dds
c:\gamigo\fiesta online na\reschar\mage-m\crackercchulainnpants.dds
c:\gamigo\fiesta online na\reschar\mage-m\crackercchulainnshirt.dds
c:\gamigo\fiesta online na\reschar\mage-m\crackervelundboots.dds
c:\gamigo\fiesta online na\reschar\mage-m\crackervelundpants.dds
c:\gamigo\fiesta online na\reschar\mage-m\crackervelundshirt.dds
c:\gamigo\fiesta online na\reschar\m_kingcrab01\m_kingcrab01_crackbip01_action.kf
c:\gamigo\fiesta online na\reschar\m_kingcrab01\m_kingcrab01_crackbip01_back.kf
c:\gamigo\fiesta online na\reschar\m_kingcrab01\m_kingcrab01_crackbip01_run.kf
c:\gamigo\fiesta online na\reschar\m_kingcrab01\m_kingcrab01_crackbip01_stand.kf
c:\gamigo\fiesta online na\reschar\m_kingcrab01\m_kingcrab01_crackbip01_walk.kf
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_ac_down_atk.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_attack.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_attack_op.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_die.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_drainsp_gr.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_drainsp_op.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_normal_atk.nif
c:\gamigo\fiesta online na\reseffect\b_crackerhumar_normal_wide.nif
c:\gamigo\fiesta online na\reseffect\b_crackerlooter_curse_wide.nif
c:\gamigo\fiesta online na\reseffect\firecracker.nif
c:\gamigo\fiesta online na\reseffect\firecracker01.nif
c:\gamigo\fiesta online na\reseffect\firecracker02.nif
c:\gamigo\fiesta online na\reseffect\hfirecracker00.nif
c:\gamigo\fiesta online na\reseffect\sta_crackeracdownloof.nif
c:\gamigo\fiesta online na\reseffect\sta_crackerdiseaseloof.nif
c:\gamigo\fiesta online na\resmap\field\bh_cracker\bh_cracker.conf
c:\gamigo\fiesta online na\resmap\field\bh_cracker\bh_cracker.nif
c:\gamigo\fiesta online na\resmap\field\bh_cracker\bh_cracker.shbd
c:\gamigo\fiesta online na\resmap\field\bh_cracker\bh_cracker.shmd
c:\gamigo\fiesta online na\resmap\field\b_cracker\b_cracker.conf
c:\gamigo\fiesta online na\resmap\field\b_cracker\b_cracker.nif
c:\gamigo\fiesta online na\resmap\field\b_cracker\b_cracker.shbd
c:\gamigo\fiesta online na\resmap\field\b_cracker\b_cracker.shmd
c:\gamigo\fiesta online na\resmap\field\b_cracker\darkcave_water.nif
c:\gamigo\fiesta online na\resmenu\minimap\bh_cracker.dds
c:\gamigo\fiesta online na\resmenu\minimap\b_cracker.dds
c:\gamigo\fiesta online na\ressystem\action\b_crackerhumar.dat
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
scanner sequence 3.ZZ.11.GUNANZ
 ----- EOF ----- 

  • 0

#9
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

Warning!

I noticed that you have more than one antivirus program installed and active. It is very important not to have more than one antivirus program active at one time. They work in background, continuously scanning and protecting your system. That function is called Real-Time Protection. Having two or more of them at one time not only multiplies the amount of system resources that are used all the time, but more importantly, the programs are always fighting with each other for control of the system. That causes system slowness, false positives, system crashes, as well as lower detection rates. You will very likely end up with little or no protection.

I can see that you're running two different programs: McAfee and Microsoft Security Essentials. For now, I'd like you to just turn off Microsoft Security Essentials until we get rid of the infection. After that, you'll have to remove one of them.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   9.65KB   164 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content
  • Please tell me if your computer is running any better now

  • 0

#10
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I uninstalled  the microsoft software as for my computer it seems to start up faster and after the reboot the errors seemed to have disappeared but it is still taking a while to load programs and still running at 100% CPU. As for the logs here are the ones requested:-

 

Fixlog:-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014

Ran by Rasuka at 2014-12-29 15:50:00 Run:1
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - No File
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} - No File
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del5288808] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del8716821] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
C:\Users\Rasuka\AppData\Local\Temp\0.del
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [YRPack] => regsvr32.exe C:\Users\Rasuka\AppData\Local\YRPack\ExGLCres54.dll <===== ATTENTION
C:\Users\Rasuka\AppData\Local\YRPack
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Ofics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rasuka\AppData\Local\IWsoft\Dfrgmon2.dll
C:\Users\Rasuka\AppData\Local\IWsoft
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YRPack] => regsvr32.exe C:\Users\Rasuka\AppData\Local\YRPack\ExGLCres54.dll <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ofics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rasuka\AppData\Local\IWsoft\Dfrgmon2.dll
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {279560F9-9C70-4028-9C2D-E477D827903C} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {17AB2B29-6ACE-46AD-8F64-B68BE905FD42} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2FEA9F96-D83A-4CD2-A535-672FE43303CF} URL = http://websearch.ask...CB-3666E76F966D
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...1I7LENN_enCA498
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {70BA3E6B-1059-2266-0B2C-40E4A85231B8} URL = http://www.ddlstart....eferrer:source}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FF5D710C-5738-4FFF-9748-51E1CB0928F1}&mid=c7b73156215347d0b0f2d5343d3d5734-fed77a202c9cf31e9f193f7498c12a3171a40e6f&lang=en&ds=gm011&pr=sa&d=2013-03-26 08:02:34&v=15.0.0.2&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> {E9FFB269-B854-4761-8C1C-BC5F324335E3} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9FFB269-B854-4761-8C1C-BC5F324335E3} URL = http://ca.search.yah...p={SearchTerms}
BHO-x32: No Name -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} ->  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {6C3BC03F-D7B9-43AC-8931-C242E3CAE971} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {341F4DAC-1966-47FF-AACF-0CE175F1498A} -  No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll File Not found ()
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll File Not found ()
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll File Not found ()
Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll File Not found ()
FF Extension: No Name - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}.oldbackup [2013-04-12]
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [cdipjefcbnbcjgpgbgmpmcmgbmpjpjae] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [effmnknpfaiehkmalhaggnbglpbkhane] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [cdipjefcbnbcjgpgbgmpmcmgbmpjpjae] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [effmnknpfaiehkmalhaggnbglpbkhane] - No Path
CHR HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cdipjefcbnbcjgpgbgmpmcmgbmpjpjae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - No Path
CHR HKLM-x32\...\Chrome\Extension: [effmnknpfaiehkmalhaggnbglpbkhane] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - No Path
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
2014-12-26 18:54 - 2014-12-26 18:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\fijryhfa
2014-12-24 19:06 - 2014-12-24 19:06 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\gnqunwbz
2014-12-23 21:21 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\qxdbanzr
2014-12-21 17:40 - 2014-12-21 17:40 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\qtpcszcz
2014-12-21 15:30 - 2014-12-21 15:30 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\sxkykjhe
2014-12-21 14:57 - 2014-12-21 14:57 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ovqzwhds
2014-12-21 14:51 - 2014-12-21 14:51 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\vaovhrak
C:\Users\Rasuka\ChromeSetup.exe
C:\Users\Rasuka\Setup.exe
C:\Users\Rasuka\SkypeSetupFull.exe
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Rasuka\AppData\Roaming\ovqzwhds\tivesen.dll () <==== ATTENTION
Task: {6EBE2D24-B182-4F48-A502-0039FF69469B} - System32\Tasks\Microsoft\9a1b17f20e0af55e311550975b4aa24a => C:\Users\Rasuka\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
C:\Users\Rasuka\AppData\Roaming\DownloadManager
Task: {74299258-8DAF-4BEF-9CDA-F9F30E7729E0} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Rasuka\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION
Task: {C4E8C87A-F194-4320-8F46-807C437755C2} - System32\Tasks\4796 => Wscript.exe C:\Users\Rasuka\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E6627E38-1E4B-47A9-BB9B-716B61F7A950} - System32\Tasks\Security Center Update - 2607807786 => C:\Users\Rasuka\AppData\Roaming\Usmexe\uhzut.exe <==== ATTENTION
C:\Users\Rasuka\AppData\Roaming\Usmexe
Task: {ED767B26-1937-459B-9C14-E6263B654D6B} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:AD022376
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18545332.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29763148.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18545332.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29763148.sys => ""="Driver"
EmptyTemp:
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} => Value not found.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} => Value not found.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del5288808 => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del8716821 => value deleted successfully.
"C:\Users\Rasuka\AppData\Local\Temp\0.del" => File/Directory not found.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YRPack => value deleted successfully.
"C:\Users\Rasuka\AppData\Local\YRPack" => File/Directory not found.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ofics => value deleted successfully.
C:\Users\Rasuka\AppData\Local\IWsoft => Moved successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\YRPack => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Ofics => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17AB2B29-6ACE-46AD-8F64-B68BE905FD42}" => Key deleted successfully.
HKCR\CLSID\{17AB2B29-6ACE-46AD-8F64-B68BE905FD42} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FEA9F96-D83A-4CD2-A535-672FE43303CF}" => Key deleted successfully.
HKCR\CLSID\{2FEA9F96-D83A-4CD2-A535-672FE43303CF} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8}" => Key deleted successfully.
HKCR\CLSID\{70BA3E6B-1059-2266-0B2C-40E4A85231B8} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9FFB269-B854-4761-8C1C-BC5F324335E3}" => Key deleted successfully.
HKCR\CLSID\{E9FFB269-B854-4761-8C1C-BC5F324335E3} => Key not found. 
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9FFB269-B854-4761-8C1C-BC5F324335E3}" => Key deleted successfully.
HKCR\CLSID\{E9FFB269-B854-4761-8C1C-BC5F324335E3} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{452ADB5B-00BE-469D-A65F-3046146B2ED5} => Key not found. 
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{6C3BC03F-D7B9-43AC-8931-C242E3CAE971} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{6C3BC03F-D7B9-43AC-8931-C242E3CAE971} => Key not found. 
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{341F4DAC-1966-47FF-AACF-0CE175F1498A} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{341F4DAC-1966-47FF-AACF-0CE175F1498A} => Key not found. 
"HKCR\PROTOCOLS\Handler\WSAMVCUchrome" => Key deleted successfully.
Winsock: Catalog entry 000000000012 => Deleted successfully.
Winsock: Catalog entry 000000000013 => Deleted successfully.
Winsock: Catalog entry 000000000012 => Deleted successfully.
Winsock: Catalog entry 000000000013 => Deleted successfully.
C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}.oldbackup => Moved successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Google\Chrome\Extensions\effmnknpfaiehkmalhaggnbglpbkhane" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\effmnknpfaiehkmalhaggnbglpbkhane" => Key deleted successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\effmnknpfaiehkmalhaggnbglpbkhane" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
X6va017 => Service deleted successfully.
X6va021 => Service deleted successfully.
X6va022 => Service deleted successfully.
C:\Users\Rasuka\AppData\Roaming\fijryhfa => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\gnqunwbz => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\qxdbanzr => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\qtpcszcz => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\sxkykjhe => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\ovqzwhds => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\vaovhrak => Moved successfully.
C:\Users\Rasuka\ChromeSetup.exe => Moved successfully.
C:\Users\Rasuka\Setup.exe => Moved successfully.
C:\Users\Rasuka\SkypeSetupFull.exe => Moved successfully.
"HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EBE2D24-B182-4F48-A502-0039FF69469B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EBE2D24-B182-4F48-A502-0039FF69469B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\9a1b17f20e0af55e311550975b4aa24a => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\9a1b17f20e0af55e311550975b4aa24a" => Key deleted successfully.
"C:\Users\Rasuka\AppData\Roaming\DownloadManager" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74299258-8DAF-4BEF-9CDA-F9F30E7729E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74299258-8DAF-4BEF-9CDA-F9F30E7729E0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\a3d90235e1136671ab1195c6078184ff" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4E8C87A-F194-4320-8F46-807C437755C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4E8C87A-F194-4320-8F46-807C437755C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\4796 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4796" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6627E38-1E4B-47A9-BB9B-716B61F7A950}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6627E38-1E4B-47A9-BB9B-716B61F7A950}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2607807786 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2607807786" => Key deleted successfully.
C:\Users\Rasuka\AppData\Roaming\Usmexe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED767B26-1937-459B-9C14-E6263B654D6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED767B26-1937-459B-9C14-E6263B654D6B}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\Windows\Tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job => Moved successfully.
C:\ProgramData\Temp => ":AD022376" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\18545332.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\29763148.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\18545332.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\29763148.sys" => Key deleted successfully.
EmptyTemp: => Removed 7.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:06:35 ====
 
FRST Log:-
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Rasuka (administrator) on RASUKA-PC on 29-12-2014 21:46:56
Running from C:\Users\Rasuka\Desktop
Loaded Profile: Rasuka (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\2.6.394.1\mcupdatemgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Thunder] => C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe [1353672 2014-12-13] (深圳市迅雷网络技术有限公司)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(752).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
BHO: ѸÀ×ÏÂÔØÖ§³Ö -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.30.4860.dll (深圳市迅雷网络技术有限公司)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422646263-2310165737-2160699533-1001: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Thunder Extension - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [2014-12-13]
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-12-13] (ShenZhen Xunlei Networking Technologies,LTD)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:53 - 2014-12-28 17:53 - 00003132 _____ () C:\Windows\System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E}
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2014-12-28 15:41 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-28 08:20 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-28 08:20 - 2014-12-28 08:20 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2014-12-29 22:00 - 00038610 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2014-12-28 15:41 - 02123264 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2014-12-29 21:52 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2014-12-29 21:37 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2014-12-29 21:37 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:55 - 2014-12-26 18:55 - 00001101 _____ () C:\Users\Public\Desktop\RegInOut System Utilities.lnk
2014-12-26 18:55 - 2014-12-26 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
2014-12-26 18:55 - 2014-12-26 18:55 - 00000000 ____D () C:\Program Files (x86)\RegInOut System Utilities
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-26 15:13 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 15:11 - 2014-12-26 15:11 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-26 15:11 - 2014-12-26 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-26 15:09 - 2014-12-26 15:09 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-26 14:04 - 2014-12-26 14:04 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software
2014-12-26 14:02 - 2014-12-26 17:47 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:16 - 2014-12-24 20:16 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\CrashRpt
2014-12-24 20:15 - 2014-12-24 20:15 - 00000872 _____ () C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 20:10 - 2014-12-24 20:11 - 00000916 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2014-12-24 20:08 - 2014-12-24 20:08 - 00000099 _____ () C:\Windows\Reimage.ini
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:36 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\Downloads\tdsskiller
2014-12-23 20:36 - 2014-12-23 20:37 - 05198336 _____ (AVAST Software) C:\Users\Rasuka\Downloads\aswMBR.exe
2014-12-23 20:35 - 2014-12-23 20:35 - 04166770 _____ () C:\Users\Rasuka\Downloads\tdsskiller.zip
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2014-12-29 11:09 - 00136704 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:09 - 2014-12-21 22:09 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 19:10 - 2014-12-21 19:10 - 00003136 _____ () C:\Windows\System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C}
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:59 - 2014-12-21 18:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Rasuka\Downloads\HitmanPro_x64.exe
2014-12-21 18:41 - 2014-12-28 11:14 - 1040839030 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:29 - 2014-12-22 09:07 - 00001424 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 18:26 - 2014-12-29 09:26 - 00029658 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2014-12-29 21:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:18 - 2014-12-29 16:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:16 - 2014-12-29 21:45 - 00675974 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2014-12-29 21:35 - 00002179 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2014-12-23 19:53 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:30 - 2014-12-21 15:30 - 02173952 _____ () C:\Users\Rasuka\Downloads\AdwCleaner.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 01707646 _____ (Thisisu) C:\Users\Rasuka\Downloads\JRT.exe
2014-12-21 15:20 - 2014-12-21 15:21 - 124144376 _____ (Microsoft Corporation) C:\Users\Rasuka\Downloads\msert.exe
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-15 20:50 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Rasuka\衝上雲霄
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\Program Files\Common Files\Thunder Network
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:34 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-13 10:33 - 2014-12-13 14:20 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-12-13 10:33 - 2014-12-13 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷
2014-12-13 10:33 - 2014-12-13 10:33 - 00001340 _____ () C:\Users\Rasuka\Desktop\迅雷7.lnk
2014-12-13 10:32 - 2014-12-21 19:12 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2014-12-13 10:32 - 2014-12-13 10:35 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-12-13 10:28 - 2014-12-13 10:32 - 32010184 _____ (深圳市迅雷网络技术有限公司) C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-06 23:19 - 2014-12-06 22:16 - 00894085 _____ (JamesR) C:\Users\Rasuka\Desktop\Le Bot 8.3.exe
2014-12-06 22:16 - 2014-12-06 22:16 - 00894085 _____ (JamesR) C:\Users\Rasuka\Downloads\Le Bot 8.3.exe
2014-12-05 22:02 - 2014-12-05 22:04 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Risoquz
2014-12-04 23:29 - 2014-12-04 23:29 - 00000000 ____D () C:\Users\Rasuka\Downloads\Cubis Deluxe + Serial & Cubis Gold 2 + Crack
2014-12-03 18:52 - 2014-12-03 18:52 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 11:32 - 2014-12-02 11:32 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141202105225
2014-11-29 11:43 - 2014-11-29 11:59 - 00000046 _____ () C:\Users\Rasuka\AppData\Roaming\CoreAVC.ini
2014-11-29 11:32 - 2014-12-01 20:33 - 00000000 ___HD () C:\sohucache
2014-11-29 11:32 - 2014-11-29 13:28 - 00000000 ____D () C:\SHDownload
2014-11-29 11:32 - 2014-11-29 11:42 - 00000000 ____D () C:\Users\Rasuka\Documents\搜狐影音
2014-11-29 11:32 - 2014-11-29 11:32 - 00000000 ____D () C:\Users\Rasuka\Documents\ËѺüÓ°Òô
2014-11-29 11:31 - 2014-11-29 11:32 - 00000000 ____D () C:\Program Files (x86)\搜狐影音
2014-11-29 11:31 - 2014-11-29 11:31 - 00001914 _____ () C:\Users\Rasuka\Desktop\搜狐影音游戏大厅.lnk
2014-11-29 11:31 - 2014-11-29 11:31 - 00001880 _____ () C:\Users\Rasuka\Desktop\搜狐影音.lnk
2014-11-29 11:31 - 2014-11-29 11:31 - 00001858 _____ () C:\Users\Rasuka\Desktop\高清热播影视剧.lnk
2014-11-29 11:31 - 2014-11-29 11:31 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Temp尰
2014-11-29 11:31 - 2014-11-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
2014-11-29 11:30 - 2014-11-29 11:31 - 16785352 _____ (搜狐公司 SOHU .COM INC) C:\Users\Rasuka\Downloads\SoHuVA_4.2.0.16-c700001001-x.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 21:51 - 2014-11-01 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 21:50 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 21:50 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 21:48 - 2012-08-26 00:23 - 00010232 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-29 21:46 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2014-12-29 21:46 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 21:43 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-29 21:40 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-29 21:38 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 21:37 - 2012-10-03 23:07 - 03383866 _____ () C:\FaceProv.log
2014-12-29 21:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 15:55 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 19:52 - 2014-10-12 07:15 - 00001939 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 17:00 - 2012-08-26 08:05 - 00000416 _____ () C:\Windows\Tasks\RegCure Program Check.job
2014-12-28 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-28 13:41 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 11:15 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 08:16 - 2012-08-26 08:05 - 00000398 _____ () C:\Windows\Tasks\RegCure.job
2014-12-27 20:23 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2014-12-27 15:08 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:47 - 2012-08-26 00:45 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 16:12 - 2013-03-18 10:45 - 00000000 ____D () C:\Users\Rasuka\New folder (3)
2014-12-22 15:59 - 2014-11-14 16:07 - 00000000 ____D () C:\Users\Rasuka\Downloads\Flockers-FLT
2014-12-22 15:42 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2014-12-22 09:07 - 2012-08-25 23:50 - 00001418 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 21:40 - 2013-06-10 13:48 - 00000000 ____D () C:\Users\Rasuka\New folder (4)
2014-12-17 18:41 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2014-12-14 15:01 - 2012-08-28 21:34 - 00000000 ____D () C:\Users\Rasuka\Documents\Youcam
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-03 18:52 - 2014-11-01 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:52 - 2014-11-01 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-02 14:56 - 2014-05-09 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-12-02 14:55 - 2014-05-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================
 
Additions Log:-
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Rasuka at 2014-12-29 22:08:40
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version:  - )
Crazy Plant Shop (HKLM-x32\...\Crazy Plant Shop1.1) (Version: 1.1 - Foxy Games)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version:  - Paradox Interactive)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
ѸÀ×7 (HKLM-x32\...\thunder_is1) (Version: 7.9.30.4860 - ѸÀ×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version:  - )
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegCure (HKLM-x32\...\RegCure) (Version: 3.0.2.0 - ParetoLogic, Inc.)
RegInOut System Utilities (HKLM-x32\...\RegInOut System Utilities_is1) (Version: 4.0 - SORCIM Technologies Pvt Ltd)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
SIW x64 Home Edition (HKLM\...\{0927321C-2FD4-43DF-94A6-FC2FB355A7A7}_is1) (Version: 2014.10.16 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
27-12-2014 12:56:16 Windows Update
28-12-2014 13:57:36 Removed Realtek Ethernet Controller All-In-One Windows Driver
29-12-2014 15:50:24 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01460E55-9406-4C8C-BAB5-7121AB10BF2A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {025A6CEF-C5AE-448C-8430-F0DA437902B9} - System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0C9F50CC-E1ED-4DB7-822D-5557292AC80B} - System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0D91EB19-AAB1-4274-8D64-1200DCC7A465} - System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {13A8472B-4D1B-40F8-A876-8CE8A422F41D} - System32\Tasks\RegCure Program Check => C:\Program Files (x86)\RegCure\RegCure.exe [2010-06-13] ()
Task: {185E1C55-F5D1-48F6-AC26-FC3F4438B3EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {21EBCB66-353E-4E1D-AE3F-2D12330C721C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {22854C27-DDEA-4088-A6FF-35D963A7EDF3} - System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {2345D6B0-CAFD-4E59-B8BD-4B090F69CF16} - System32\Tasks\RegCure => C:\Program Files (x86)\RegCure\RegCure.exe [2010-06-13] ()
Task: {2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE} - System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3D7C4A06-AD25-4063-8F48-EF7F635906DD} - System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {469E4821-5767-48F5-85FD-9222334165A8} - System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {47F257D5-1098-42A9-BBFE-856B2FAD1054} - System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {5069E668-DF1A-4390-AB73-B66ECF3C43DF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5713371C-95A7-4917-ADED-232652F8C983} - System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7} - System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E} => pcalua.exe -a C:\Users\Rasuka\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {6EF09F29-7244-4BBF-94CE-D3FE3602FB51} - System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {749B25FB-5C8B-47A8-844C-B0F33197959E} - System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {8988B92E-0B73-44E3-9435-A8BEE01FC290} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E65973D-8B00-4AE0-BCDF-529573DEE661} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A09EB468-DC96-47AC-95EB-C736B09E190D} - System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {AA8E2498-F463-4421-B4B9-7ED3506F056A} - System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => pcalua.exe -a C:\Users\Rasuka\Downloads\t-engine-launcher.exe -d C:\Users\Rasuka\Downloads
Task: {AEC66460-48AF-4979-9C0F-660464DC180A} - System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => pcalua.exe -a "C:\Users\Rasuka\Downloads\Horns 2013\WMP x264 Codec Pack.exe" -d "C:\Users\Rasuka\Downloads\Horns 2013"
Task: {AF4C5C27-F3E6-4FB6-A49A-7A0C1F25831E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {B8048D3B-84B0-400E-93D7-311832C64D8C} - System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => pcalua.exe -a "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs\overball-setup.exe" -d "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs"
Task: {C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB} - System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {D0F8BF60-CA54-4552-BCCC-ACAD036724B7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E} - System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => pcalua.exe -a "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe" -d "C:\Program Files (x86)\Reason\Should I Remove It\"
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: {EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337} - System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {EE9D73D2-AA24-421B-A05C-C075CC325A5B} - System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {FAE7BE10-0F93-4D10-9C7E-4F150E028997} - System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => pcalua.exe -a "C:\Remote Programs\Azteca\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=529250;name=Azteca;dir=C:\Remote Programs\Azteca\;prvid=143;cmdid=1;prvdir=Default
Task: {FEE02C20-EAE0-4317-9099-9B4E19D328C0} - System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegCure Program Check.job => C:\Program Files (x86)\RegCure\regcure.exe
Task: C:\Windows\Tasks\RegCure.job => C:\Program Files (x86)\RegCure\regcure.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 21:52 - 2014-10-17 21:52 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-12-13 10:33 - 2014-12-13 10:32 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2014-12-13 10:33 - 2014-12-13 10:32 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-30 18:16 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2014 09:37:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 09:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 04:37:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f6f
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xef0
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3
 
Error: (12/29/2014 04:37:23 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
 
Error: (12/29/2014 04:37:21 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
 
Error: (12/29/2014 04:34:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 04:34:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 10:21:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
 
Error: (12/29/2014 10:00:37 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 10:00:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/29/2014 09:43:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (12/29/2014 09:42:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (12/29/2014 09:42:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (12/29/2014 09:41:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (12/29/2014 09:41:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (12/29/2014 09:37:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/29/2014 09:37:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/29/2014 09:35:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:39:09 PM on ‎29/‎12/‎2014 was unexpected.
 
Error: (12/29/2014 04:38:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Anti-Malware Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (12/29/2014 04:34:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (12/29/2014 09:37:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 09:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 04:37:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe1.1.3.17853d17f6fntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4ef001d023af3033eadcC:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dlle4fb4480-8fa2-11e4-b459-047d7bd9bec7
 
Error: (12/29/2014 04:37:23 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005
 
Error: (12/29/2014 04:37:21 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005
 
Error: (12/29/2014 04:34:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 04:34:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 10:21:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mmc.exe6.1.7600.163854a5bc808KERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d
 
Error: (12/29/2014 10:00:37 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 10:00:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8053.2 MB
Available physical RAM: 5672.34 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 16876.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:113.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
at least this scan didn't take too long this time it's an improvement :D also it didn't randomly freeze up while running the scan :)

  • 0

Advertisements


#11
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

o one more thing I noticed that mcbus error shows up I actually removed the Magic iso program because it was causing my computer to BSOD at some point that and ntskrol.exe it actually happened multiple times before i uninstalled Magic ISO and ever since then I have been getting that error. As for before this regsvr32 errors were happening, I wasn't able to connect to my home network even though the internet was working fine. I tried a winsock reset and nothing seemed to work the only thing that seemed to work was to replace the winsock dll file and the dll file came from the following website: www.simpletechs.com.simple-blog/windows-7-winsock-reset-not-working-initialization-function-inithelperdll-in-nshttpdll-failed-to-start-with-error-code-11003

 

Not sure if that makes a difference. The ntskrol.exe causing bsod actually happened at least 4 times and the most recent one was if I remember right if not yesterday then two days ago. But I checked all of my memory that came with the laptop and nothing seems to be the problem with the hardware.


  • 0

#12
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

Let's move on.

Registry cleaner warning
I've noticed that you have registry cleaner programs installed:
  • RegCure
  • RegInOut System Utilities
  • CCleaner
Although they may seem to be useful, they use schemes, which aren't accurate, thus can cause more harm than good, including making your system unbootable. Because of that, I recommend you to uninstall them. However, you may want to keep CCleaner, as it has some useful functions. Just refrain from using it's registry cleaning ability.

 
As you've already removed uTorrent, you should also uninstall Thunder, as it is a P2P program as well. I'm sorry, I missed it earlier.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   429bytes   52 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #3
Task manager screenshot

I need to know which process exactly is increasing your CPU usage. Because of that, I'd like you to show me a screenshot of your Task Manager.
To do that, press Ctrl+Shift+Esc combination on your keyboard, in Task Manager windows select Processes tab, then press Alt+Print Screen combination on your keyboard. Once done, open Paint, press Ctrl+V combination and Ctrl+S to save the file. Please, use .JPG format. Add that file as an attachment to your post. If impossible, use a hosting site like imgur and provide me the link that it'll give you.

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content
  • Screenshot of your Task Manager

  • 0

#13
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

the screen shot would you like it when i first boot my computer? and also would you like all the user tasks even the one run by the system


  • 0

#14
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
I need to know which process uses so much CPU. If it doesn't show without using "Show processes from all users", then tick it. Just make sure that this annoying one is there and make a screenshot :)
  • 0

#15
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

As advised I uninstalled the following programs:-
- Thunder
- RegCure
- RegIn Out System Utilities
 
As requested here is the Fix Log:-
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Rasuka at 2014-12-30 17:37:24 Run:2
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2014-12-06 23:19 - 2014-12-06 22:16 - 00894085 _____ (JamesR) C:\Users\Rasuka\Desktop\Le Bot 8.3.exe
2014-12-06 22:16 - 2014-12-06 22:16 - 00894085 _____ (JamesR) C:\Users\Rasuka\Downloads\Le Bot 8.3.exe
2014-12-05 22:02 - 2014-12-05 22:04 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Risoquz
2014-12-04 23:29 - 2014-12-04 23:29 - 00000000 ____D () C:\Users\Rasuka\Downloads\Cubis Deluxe + Serial & Cubis Gold 2 + Crack
*****************
 
C:\Users\Rasuka\Desktop\Le Bot 8.3.exe => Moved successfully.
C:\Users\Rasuka\Downloads\Le Bot 8.3.exe => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\Risoquz => Moved successfully.
C:\Users\Rasuka\Downloads\Cubis Deluxe + Serial & Cubis Gold 2 + Crack => Moved successfully.
 
==== End of Fixlog 17:37:56 ====
 
FRST Log:-
 
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014

Ran by Rasuka (administrator) on RASUKA-PC on 30-12-2014 17:59:06
Running from C:\Users\Rasuka\Desktop
Loaded Profile: Rasuka (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Akamai Technologies, Inc.) C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Akamai Technologies, Inc.) C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(752).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 11:21 - 2014-12-30 11:21 - 00305496 _____ () C:\Windows\Minidump\123014-57002-01.dmp
2014-12-29 22:08 - 2014-12-29 22:19 - 00048342 _____ () C:\Users\Rasuka\Desktop\Addition.txt
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:53 - 2014-12-28 17:53 - 00003132 _____ () C:\Windows\System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E}
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2014-12-28 15:41 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-30 11:25 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-28 08:20 - 2014-12-30 11:25 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2014-12-30 18:20 - 00039277 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2014-12-28 15:41 - 02123264 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2014-12-30 18:06 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2014-12-30 17:45 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2014-12-30 17:45 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-26 15:13 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 15:11 - 2014-12-26 15:11 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-26 15:11 - 2014-12-26 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-26 15:09 - 2014-12-26 15:09 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-26 14:04 - 2014-12-26 14:04 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software
2014-12-26 14:02 - 2014-12-26 17:47 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:16 - 2014-12-24 20:16 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\CrashRpt
2014-12-24 20:15 - 2014-12-24 20:15 - 00000872 _____ () C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 20:10 - 2014-12-24 20:11 - 00000916 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2014-12-24 20:08 - 2014-12-24 20:08 - 00000099 _____ () C:\Windows\Reimage.ini
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:36 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\Downloads\tdsskiller
2014-12-23 20:36 - 2014-12-23 20:37 - 05198336 _____ (AVAST Software) C:\Users\Rasuka\Downloads\aswMBR.exe
2014-12-23 20:35 - 2014-12-23 20:35 - 04166770 _____ () C:\Users\Rasuka\Downloads\tdsskiller.zip
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2014-12-30 18:21 - 00212480 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:09 - 2014-12-21 22:09 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 19:10 - 2014-12-21 19:10 - 00003136 _____ () C:\Windows\System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C}
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:59 - 2014-12-21 18:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Rasuka\Downloads\HitmanPro_x64.exe
2014-12-21 18:41 - 2014-12-30 11:21 - 1091069408 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:29 - 2014-12-22 09:07 - 00001424 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 18:26 - 2014-12-30 17:44 - 00035258 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2014-12-30 18:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2014-12-30 18:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:16 - 2014-12-30 17:55 - 00712794 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2014-12-30 17:45 - 00002347 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2014-12-23 19:53 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:30 - 2014-12-21 15:30 - 02173952 _____ () C:\Users\Rasuka\Downloads\AdwCleaner.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 01707646 _____ (Thisisu) C:\Users\Rasuka\Downloads\JRT.exe
2014-12-21 15:20 - 2014-12-21 15:21 - 124144376 _____ (Microsoft Corporation) C:\Users\Rasuka\Downloads\msert.exe
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-15 20:50 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Rasuka\衝上雲霄
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\Program Files\Common Files\Thunder Network
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:34 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-13 10:33 - 2014-12-13 14:20 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-12-13 10:33 - 2014-12-13 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷
2014-12-13 10:32 - 2014-12-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2014-12-13 10:32 - 2014-12-13 10:35 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-12-13 10:28 - 2014-12-13 10:32 - 32010184 _____ (深圳市迅雷网络技术有限公司) C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 18:52 - 2014-12-03 18:52 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 11:32 - 2014-12-02 11:32 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141202105225
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 18:05 - 2012-08-26 00:23 - 00018026 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-30 18:04 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2014-12-30 18:02 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2014-12-30 18:00 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 17:56 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2014-12-30 17:56 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 17:56 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 17:53 - 2014-11-01 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 17:49 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-30 17:48 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 17:46 - 2012-10-03 23:07 - 03388679 _____ () C:\FaceProv.log
2014-12-30 17:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 17:39 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 16:49 - 2012-08-26 08:05 - 00000000 ____D () C:\ProgramData\RegCure
2014-12-30 11:21 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 19:52 - 2014-10-12 07:15 - 00001939 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-28 13:41 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 20:23 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:47 - 2012-08-26 00:45 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 16:12 - 2013-03-18 10:45 - 00000000 ____D () C:\Users\Rasuka\New folder (3)
2014-12-22 15:59 - 2014-11-14 16:07 - 00000000 ____D () C:\Users\Rasuka\Downloads\Flockers-FLT
2014-12-22 15:42 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2014-12-22 09:07 - 2012-08-25 23:50 - 00001418 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 21:40 - 2013-06-10 13:48 - 00000000 ____D () C:\Users\Rasuka\New folder (4)
2014-12-17 18:41 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2014-12-14 15:01 - 2012-08-28 21:34 - 00000000 ____D () C:\Users\Rasuka\Documents\Youcam
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-03 18:52 - 2014-11-01 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:52 - 2014-11-01 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-02 14:56 - 2014-05-09 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-12-02 14:55 - 2014-05-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-01 20:33 - 2014-11-29 11:32 - 00000000 ___HD () C:\sohucache
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================

 
Additions Log:-
 
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014

Ran by Rasuka at 2014-12-30 18:27:06
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version:  - )
Crazy Plant Shop (HKLM-x32\...\Crazy Plant Shop1.1) (Version: 1.1 - Foxy Games)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version:  - Paradox Interactive)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version:  - )
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
SIW x64 Home Edition (HKLM\...\{0927321C-2FD4-43DF-94A6-FC2FB355A7A7}_is1) (Version: 2014.10.16 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
27-12-2014 12:56:16 Windows Update
28-12-2014 13:57:36 Removed Realtek Ethernet Controller All-In-One Windows Driver
29-12-2014 15:50:24 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {025A6CEF-C5AE-448C-8430-F0DA437902B9} - System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0C9F50CC-E1ED-4DB7-822D-5557292AC80B} - System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0D91EB19-AAB1-4274-8D64-1200DCC7A465} - System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {185E1C55-F5D1-48F6-AC26-FC3F4438B3EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {21EBCB66-353E-4E1D-AE3F-2D12330C721C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {22854C27-DDEA-4088-A6FF-35D963A7EDF3} - System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE} - System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3D7C4A06-AD25-4063-8F48-EF7F635906DD} - System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {469E4821-5767-48F5-85FD-9222334165A8} - System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {47F257D5-1098-42A9-BBFE-856B2FAD1054} - System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5713371C-95A7-4917-ADED-232652F8C983} - System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7} - System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E} => pcalua.exe -a C:\Users\Rasuka\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {6EF09F29-7244-4BBF-94CE-D3FE3602FB51} - System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {737BF6F2-8D2A-4CCA-B957-F5F6AD916151} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {749B25FB-5C8B-47A8-844C-B0F33197959E} - System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {8988B92E-0B73-44E3-9435-A8BEE01FC290} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {98C8E0C4-107E-488C-B3F5-B37ACCA71D67} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E65973D-8B00-4AE0-BCDF-529573DEE661} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A09EB468-DC96-47AC-95EB-C736B09E190D} - System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {AA8E2498-F463-4421-B4B9-7ED3506F056A} - System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => pcalua.exe -a C:\Users\Rasuka\Downloads\t-engine-launcher.exe -d C:\Users\Rasuka\Downloads
Task: {AEC66460-48AF-4979-9C0F-660464DC180A} - System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => pcalua.exe -a "C:\Users\Rasuka\Downloads\Horns 2013\WMP x264 Codec Pack.exe" -d "C:\Users\Rasuka\Downloads\Horns 2013"
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {B8048D3B-84B0-400E-93D7-311832C64D8C} - System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => pcalua.exe -a "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs\overball-setup.exe" -d "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs"
Task: {BA24CFB0-7814-48D8-AD6D-49167A77A0FB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB} - System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {D5B54EC1-DEB8-423C-A2CC-F9A4C54EF5E7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E} - System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => pcalua.exe -a "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe" -d "C:\Program Files (x86)\Reason\Should I Remove It\"
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: {EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337} - System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {EE9D73D2-AA24-421B-A05C-C075CC325A5B} - System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {FAE7BE10-0F93-4D10-9C7E-4F150E028997} - System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => pcalua.exe -a "C:\Remote Programs\Azteca\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=529250;name=Azteca;dir=C:\Remote Programs\Azteca\;prvid=143;cmdid=1;prvdir=Default
Task: {FEE02C20-EAE0-4317-9099-9B4E19D328C0} - System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 21:52 - 2014-10-17 21:52 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 06:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 2.55.74.58, time stamp: 0x5494af36
Faulting module name: libcef.dll, version: 3.1916.1692.0, time stamp: 0x5493572a
Exception code: 0x80000003
Fault offset: 0x000813f0
Faulting process id: 0x1fd0
Faulting application start time: 0xsteamwebhelper.exe0
Faulting application path: steamwebhelper.exe1
Faulting module path: steamwebhelper.exe2
Report Id: steamwebhelper.exe3
 
Error: (12/30/2014 05:46:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/30/2014 05:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 11:22:53 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/30/2014 11:22:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 10:51:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/30/2014 10:51:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 09:37:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 09:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 04:37:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f6f
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xef0
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3
 
 
System errors:
=============
Error: (12/30/2014 05:54:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error: 
%%1053
 
Error: (12/30/2014 05:54:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
 
Error: (12/30/2014 05:53:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.
 
Error: (12/30/2014 05:51:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (12/30/2014 05:46:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/30/2014 05:45:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:43:43 PM on ‎30/‎12/‎2014 was unexpected.
 
Error: (12/30/2014 11:26:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}
 
Error: (12/30/2014 11:23:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/30/2014 11:22:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (12/30/2014 11:21:37 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0xfffffa80069defb0, 0x0000000000000002, 0x0000000000000001, 0xfffff880019287b8)C:\Windows\MEMORY.DMP123014-57002-01
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 06:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: steamwebhelper.exe2.55.74.585494af36libcef.dll3.1916.1692.05493572a80000003000813f01fd001d0248534a1f8a8C:\Program Files (x86)\Steam\bin\steamwebhelper.exeC:\Program Files (x86)\Steam\bin\libcef.dll7eb0272b-9078-11e4-b198-047d7bd9bec7
 
Error: (12/30/2014 05:46:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/30/2014 05:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 11:22:53 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/30/2014 11:22:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 10:51:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/30/2014 10:51:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 09:37:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/29/2014 09:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 04:37:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe1.1.3.17853d17f6fntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4ef001d023af3033eadcC:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dlle4fb4480-8fa2-11e4-b459-047d7bd9bec7
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 46%
Total physical RAM: 8053.2 MB
Available physical RAM: 4294.84 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 14709.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:110.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive e: (CoolPad Driver) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 
Attached are the screenshots of my task manager before and after a reboot. I took down both because some people prefer to compare and contrast not sure if that helps. Also because the before restart one, I did close a lot of the processes that I normally would have run in a regular boot in order for my computer to even run at a level that allows me to even open one chrome browser. The after reboot is what my computer normally runs when i turn it on minus maybe the additional stuff that should not be there. It usually uses about 50% of my CPU but I've never hit 100% before.
 
Before restart:-
 
before restart page 1.jpg
 
before restart page 2.jpg
 
before restart page 3.jpg
 
before restart page 4.jpg
 
After Restart:-
 
after restart 1.jpg
 
after restart 2.jpg
 
after restart 3.jpg
 
after restart 4.jpg
 
after restart 5.jpg


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP