Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

RegSvr32 multiple error msg - Module failed to load [Solved]

Started by Rasuka , Dec 27 2014 05:27 PM

This topic is locked

#1
Rasuka

Posted 27 December 2014 - 05:27 PM

Member

Member
19 posts

Hi all!

I have recently run into multiple problems with my computer some which i have fixed and others are still in the progress of fixing. Every time i run my regular programs at start up it causes my computer to be really slow and I get these multiple regsvr32 error messages. I'm not sure if this was due to the recent virus attack which my computer just recovered from or coming from a different source but I've ran Malwarebytes anti-malware and nothing comes up. I also ran mcafee which removed the other virus, and a bunch of other virus scanners online and offline and multiple registry cleaners and nothing comes up.

Any help would be greatly appreciated

Thanks

The following is my OLT log:-

OTL logfile created on: 27/12/2014 1:52:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rasuka\Computer stuff

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.86 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 54.23% Memory free

15.73 Gb Paging File | 11.13 Gb Available in Paging File | 70.73% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 420.56 Gb Total Space | 68.42 Gb Free Space | 16.27% Space Free | Partition Type: NTFS

Drive D: | 25.47 Gb Total Space | 21.79 Gb Free Space | 85.54% Space Free | Partition Type: NTFS

Drive F: | 7.39 Gb Total Space | 2.77 Gb Free Space | 37.46% Space Free | Partition Type: FAT32

Computer Name: RASUKA-PC | User Name: Rasuka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/27 13:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rasuka\Computer stuff\OTL.exe

PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2014/12/13 10:32:57 | 001,353,672 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe

PRC - [2014/12/13 10:32:47 | 000,190,920 | ---- | M] (深圳市迅雷网络技术有限公司) -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\ThunderPlatform.exe

PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/10/17 21:52:48 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

PRC - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

PRC - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

PRC - [2014/05/29 18:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

PRC - [2014/04/25 04:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

PRC - [2013/09/19 12:05:54 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

PRC - [2013/05/08 02:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2012/05/30 18:32:26 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

PRC - [2012/04/16 02:16:54 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/04/06 21:07:40 | 003,244,080 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe

PRC - [2012/02/27 06:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012/02/20 18:08:36 | 000,066,608 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe

PRC - [2012/02/05 13:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe

PRC - [2012/01/05 16:53:38 | 000,606,208 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe

PRC - [2011/12/08 13:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

PRC - [2011/01/29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

PRC - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/12/26 18:54:10 | 000,133,120 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\fijryhfa\colers.dll

MOD - [2014/12/17 10:54:12 | 000,024,008 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush\WifiDetector\WifiDetector.dll

MOD - [2014/12/13 10:33:00 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\mini_unzip_dll.dll

MOD - [2014/12/13 10:32:59 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll

MOD - [2014/12/13 10:32:51 | 000,077,824 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\zlib1.dll

MOD - [2014/12/13 10:32:51 | 000,053,112 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\XLCrypto.dll

MOD - [2014/12/13 10:32:50 | 000,534,984 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\ts.dll

MOD - [2014/12/13 10:32:50 | 000,129,480 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\tp\tp_proxy.dll

MOD - [2014/12/13 10:32:50 | 000,012,288 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\mini_unzip_dll.dll

MOD - [2014/12/13 10:32:49 | 001,268,168 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\emule_kernel.dll

MOD - [2014/12/13 10:32:49 | 000,143,360 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\libexpat.dll

MOD - [2014/12/13 10:32:49 | 000,019,968 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\minizip.dll

MOD - [2014/12/13 10:32:48 | 000,018,296 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.252_1111\dl_uac_tool.dll

MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

MOD - [2014/11/24 18:40:20 | 000,254,408 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\BrowserSupportMoudle.dll

MOD - [2014/10/16 19:23:31 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll

MOD - [2014/10/16 19:23:12 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll

MOD - [2014/10/16 19:23:08 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll

MOD - [2014/10/16 19:22:54 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll

MOD - [2014/10/16 19:22:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll

MOD - [2014/10/16 19:22:50 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll

MOD - [2014/10/16 19:22:49 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll

MOD - [2014/10/16 19:22:45 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll

MOD - [2014/10/16 19:22:38 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll

MOD - [2014/10/16 19:22:38 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll

MOD - [2014/10/16 19:22:35 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll

MOD - [2014/02/14 19:32:12 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll

MOD - [2014/02/13 09:23:39 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll

MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll

MOD - [2013/11/06 20:27:42 | 000,014,280 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\iEmbed.dll

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2012/05/30 18:32:24 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

MOD - [2012/02/20 18:08:36 | 000,089,136 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll

MOD - [2012/02/20 18:08:36 | 000,021,040 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll

MOD - [2012/01/05 16:53:38 | 000,606,208 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe

MOD - [2011/12/08 13:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

MOD - [2011/08/26 10:55:16 | 000,294,912 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll

MOD - [2011/08/11 17:30:04 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax

MOD - [2011/08/11 09:18:08 | 000,413,696 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll

MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/09/04 01:56:22 | 000,562,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)

SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2014/08/01 13:05:22 | 000,601,864 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)

SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)

SRV:64bit: - [2014/07/24 14:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)

SRV:64bit: - [2014/07/18 08:01:10 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2014/07/18 07:52:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2014/05/20 23:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)

SRV:64bit: - [2013/07/17 11:51:24 | 003,377,904 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV:64bit: - [2013/07/17 11:50:38 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2013/07/17 11:50:08 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2013/07/17 11:49:16 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2013/04/11 14:38:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2012/03/07 04:00:46 | 000,629,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2010/12/17 15:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)

SRV:64bit: - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe -- (WlanWpsSvc)

SRV - [2014/12/19 18:38:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/12/17 20:10:51 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/12/13 10:33:02 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)

SRV - [2014/12/12 22:05:36 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/11/26 10:23:35 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)

SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/10/17 21:52:48 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)

SRV - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)

SRV - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)

SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)

SRV - [2014/05/29 18:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)

SRV - [2014/05/20 23:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2014/04/25 04:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)

SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/09/19 12:05:54 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)

SRV - [2013/09/19 12:05:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/08/25 15:02:22 | 005,434,008 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2013/04/11 14:34:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2012/04/16 02:17:10 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/04/16 02:17:06 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/04/16 02:17:02 | 000,127,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2012/04/16 02:16:54 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/02/20 18:08:36 | 000,066,608 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe -- (LenovoSmartConnectService)

SRV - [2012/02/05 13:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)

SRV - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)

DRV:64bit: - [2014/12/27 11:37:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/12/26 19:52:09 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)

DRV:64bit: - [2014/12/13 05:08:08 | 000,031,376 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2014/07/24 13:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)

DRV:64bit: - [2014/07/24 13:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)

DRV:64bit: - [2014/07/18 08:10:54 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2014/07/18 08:01:44 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2014/07/18 07:55:28 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2014/07/18 07:52:36 | 000,526,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2014/07/18 07:50:18 | 000,313,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2014/07/18 07:49:08 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2014/05/20 23:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2013/10/28 14:13:24 | 000,449,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/09/23 12:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2013/05/29 06:10:52 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)

DRV:64bit: - [2013/03/25 09:46:36 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio.sys -- (WsAudio_Device)

DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2012/11/30 00:05:40 | 000,464,184 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/11/30 00:05:38 | 000,031,032 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/05/30 18:42:44 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2012/05/30 18:42:44 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2012/05/30 17:54:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012/02/06 05:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)

DRV:64bit: - [2012/02/01 03:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/01/27 12:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)

DRV:64bit: - [2012/01/26 20:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2012/01/26 20:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2012/01/13 02:03:36 | 000,008,192 | ---- | M] (TODO: <Company name>) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LAD.sys -- (LAD)

DRV:64bit: - [2012/01/05 01:26:18 | 000,085,080 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2011/12/15 02:25:40 | 000,958,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)

DRV:64bit: - [2011/12/05 03:05:26 | 001,600,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/10/10 02:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/10/10 02:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/07/20 12:58:18 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)

DRV:64bit: - [2011/01/29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/02/06 02:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2006/12/12 01:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2013/09/19 12:05:46 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://ca.search.ya...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 46 B0 1B 9E AC CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes\{E9FFB269-B854-4761-8C1C-BC5F324335E3}: "URL" = http://ca.search.yah...p={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"

FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"

FF - prefs.js..browser.search.defaulturl: "https://ca.search.ya...com/yhs/search"

FF - prefs.js..browser.search.isUS: true

FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3beta1

FF - prefs.js..extensions.enabledAddons: %7B9D2AA73B-6049-4799-B8AC-925723370070%7D:17.0.13

FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.17

FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.8

FF - prefs.js..extensions.enabledAddons: %7B1B33E42F-EF14-4cd3-B6DC-174571C4349C%7D:4.7

FF - prefs.js..extensions.enabledAddons: %7B5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7%7D:3.0.5

FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.7.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5

FF - prefs.js..extensions.enabledItems: {acc3132b-20bd-4fbc-b390-cc88a56260a4}:1.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.13: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: C:\Program Files (x86)\搜狐影音\npifox.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: File not found

FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: File not found

FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/10/17 21:53:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/03/23 07:24:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/11/21 10:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9D2AA73B-6049-4799-B8AC-925723370070}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/10/17 21:53:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/17 20:10:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/17 20:10:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 05:36:14 | 000,010,691 | ---- | M] ()

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/17 20:10:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/17 20:10:41 | 000,000,000 | ---D | M]

[2012/08/26 00:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Extensions

[2014/12/21 16:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions

[2014/12/21 20:36:27 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}

[2014/11/11 12:28:25 | 000,000,000 | ---D | M] (CallChannelManager Class) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7}

[2013/04/14 14:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}.oldbackup

[2014/12/19 22:07:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2014/12/10 20:56:39 | 000,065,568 | ---- | M] () (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi

[2014/10/17 12:28:17 | 000,304,133 | ---- | M] () (No name found) -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2014/10/08 11:42:15 | 000,009,413 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml

[2014/12/17 20:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/12/17 20:10:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014/11/21 10:40:56 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

[2014/10/17 21:53:40 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT

[2012/09/09 18:31:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2014/10/17 21:53:00 | 000,148,552 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - plugin: Error reading preferences file

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9.131_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: No name found = C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/12/26 19:45:05 | 000,001,497 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 85.25.79.59 www.google-analytics.com.

O1 - Hosts: 85.25.79.59 google-analytics.com.

O1 - Hosts: 85.25.79.59 connect.facebook.net.

O1 - Hosts: 95.141.32.73 www.google-analytics.com.

O1 - Hosts: 95.141.32.73 google-analytics.com.

O1 - Hosts: 95.141.32.73 connect.facebook.net.

O1 - Hosts: 192.95.55.231 www.google-analytics.com.

O1 - Hosts: 192.95.55.231 google-analytics.com.

O1 - Hosts: 192.95.55.231 connect.facebook.net.

O2:64bit: - BHO: (Ñ¸À×ÏÂÔØÖ§³Ö) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.30.4860.dll (深圳市迅雷网络技术有限公司)

O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)

O2:64bit: - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found.

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (no name) - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Aimersoft Video Converter Ultimate 6.1.0) - {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} - C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Ñ¸À×ÏÂÔØÖ§³Ö×é¼þ) - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)

O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)

O4 - HKLM..\Run: [CAPOSD] C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe (LENOVO)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [DelaypluginInstall] C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe ()

O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe ()

O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Smart Update] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe (Lenovo)

O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)

O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [Ofics] C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [Thunder] C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe (深圳市迅雷网络技术有限公司)

O4 - HKCU..\Run: [YRPack] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O8:64bit: - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()

O8:64bit: - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()

O8:64bit: - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()

O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()

O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found

O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found

O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found

O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found

O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found

O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found

O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found

O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - %SystemRoot%\system32\vsocklib.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - %SystemRoot%\system32\vsocklib.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: DhcpNameServer = 142.204.33.54 142.204.33.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: DhcpNameServer = 64.71.255.204 64.71.255.198

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B589234-F4A2-4C6C-9A5A-03E5B07A6BCB}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2014/10/08 15:31:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/27 12:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2014/12/27 12:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2014/12/27 12:31:32 | 000,000,000 | ---D | C] -- C:\20b170f27d12329afa

[2014/12/27 10:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64

[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan

[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan

[2014/12/27 10:17:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0400030.01B

[2014/12/27 10:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2014/12/27 10:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2014/12/27 10:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2014/12/27 10:17:05 | 000,779,704 | ---- | C] (Symantec) -- C:\Users\Rasuka\Setup.exe

[2014/12/26 22:08:34 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\Computer stuff

[2014/12/26 19:34:26 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Local\IWsoft

[2014/12/26 19:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup

[2014/12/26 18:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities

[2014/12/26 18:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegInOut System Utilities

[2014/12/26 18:54:10 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\fijryhfa

[2014/12/26 18:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut

[2014/12/26 18:00:36 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2014/12/26 18:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2014/12/26 15:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2014/12/26 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

[2014/12/26 15:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2014/12/26 14:04:06 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software

[2014/12/26 14:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2014/12/25 10:20:31 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS

[2014/12/24 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Local\CrashRpt

[2014/12/24 20:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW

[2014/12/24 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\SIW Home Edition

[2014/12/24 19:43:37 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2014/12/24 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\gnqunwbz

[2014/12/23 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2014/12/23 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\qxdbanzr

[2014/12/23 21:13:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2014/12/23 21:06:59 | 000,242,376 | ---- | C] (Kaspersky Lab, Yury Parshin) -- C:\Windows\SysNative\drivers\71490227.sys

[2014/12/23 20:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV

[2014/12/23 20:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV

[2014/12/21 18:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2014/12/21 18:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/12/21 18:18:04 | 000,880,784 | ---- | C] (Google Inc.) -- C:\Users\Rasuka\ChromeSetup.exe

[2014/12/21 17:40:53 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\qtpcszcz

[2014/12/21 15:32:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/12/21 15:31:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/12/21 15:30:52 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\sxkykjhe

[2014/12/21 14:57:50 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\ovqzwhds

[2014/12/21 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\vaovhrak

[2014/12/20 13:41:38 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\Grey's Anatomy

[2014/12/17 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2014/12/13 10:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunder Network

[2014/12/13 10:34:41 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\Ñ¸À×ÓÎÏ·

[2014/12/13 10:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thunder Network

[2014/12/13 10:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thunder Network

[2014/12/13 10:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Thunder Network

[2014/12/10 22:03:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser

[2014/12/09 23:16:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2014/12/06 23:19:49 | 000,894,085 | ---- | C] (JamesR) -- C:\Users\Rasuka\Desktop\Le Bot 8.3.exe

[2014/12/06 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\manga

[2014/12/05 22:02:35 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Roaming\Risoquz

[2014/11/29 11:32:43 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\Documents\ËÑºüÓ°Òô

[2014/11/29 11:32:32 | 000,000,000 | -H-D | C] -- C:\sohucache

[2014/11/29 11:32:26 | 000,000,000 | ---D | C] -- C:\SHDownload

[2014/11/28 21:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2C24168A-AEF7-4868-818A-2652A8AD4410

[2014/11/28 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\Rasuka\AppData\Local\22222

[2014/11/27 22:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Knights of Pen and Paper

[2014/11/27 22:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Knights of Pen and Paper

[2014/11/14 22:06:59 | 030,619,240 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Rasuka\SkypeSetupFull.exe

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Rasuka\Documents\*.tmp files -> C:\Users\Rasuka\Documents\*.tmp -> ]

[1 C:\Users\Rasuka\AppData\Local\*.tmp files -> C:\Users\Rasuka\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/27 16:38:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/12/27 16:24:53 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/12/27 16:15:27 | 000,006,372 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141227154136

[2014/12/27 14:12:20 | 000,001,270 | ---- | M] () -- C:\Users\Rasuka\Desktop\ Mabinogi .lnk

[2014/12/27 13:32:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/12/27 12:46:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/12/27 12:46:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/12/27 11:37:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/12/27 10:55:39 | 000,671,558 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/12/27 10:55:39 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/12/27 10:55:38 | 000,791,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/12/27 10:49:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/12/27 10:42:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/12/27 10:17:42 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Rasuka.job

[2014/12/27 10:17:41 | 000,001,428 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK

[2014/12/27 10:17:06 | 000,779,704 | ---- | M] (Symantec) -- C:\Users\Rasuka\Setup.exe

[2014/12/27 10:02:00 | 000,002,910 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141227095652

[2014/12/26 20:13:00 | 000,000,355 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ussclean

[2014/12/26 19:53:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\RegInOut on user logon - Rasuka.job

[2014/12/26 19:52:09 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys

[2014/12/26 19:49:56 | 000,000,235 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml

[2014/12/26 19:45:05 | 000,001,497 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2014/12/26 18:55:21 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\RegInOut System Utilities.lnk

[2014/12/26 15:11:16 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk

[2014/12/26 14:03:23 | 000,000,573 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job

[2014/12/26 04:04:30 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml

[2014/12/26 04:04:30 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

[2014/12/25 10:38:28 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$

[2014/12/24 20:16:11 | 000,455,136 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll

[2014/12/24 20:15:19 | 000,000,872 | ---- | M] () -- C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk

[2014/12/24 20:15:03 | 000,000,000 | -H-- | M] () -- C:\Users\Rasuka\Documents\Default.rdp

[2014/12/24 20:11:04 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk

[2014/12/24 20:08:37 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini

[2014/12/24 18:27:21 | 995,996,754 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2014/12/23 21:06:59 | 000,242,376 | ---- | M] (Kaspersky Lab, Yury Parshin) -- C:\Windows\SysNative\drivers\71490227.sys

[2014/12/23 20:38:04 | 000,000,424 | ---- | M] () -- C:\Windows\SysNative\.crusader

[2014/12/23 19:19:14 | 000,002,970 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141223191743

[2014/12/22 14:14:36 | 002,011,342 | ---- | M] () -- C:\Users\Rasuka\IMG_20141222_132850.jpg

[2014/12/21 22:09:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2014/12/21 22:09:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2014/12/21 18:19:27 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/12/21 18:15:51 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141221181208

[2014/12/21 17:00:03 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job

[2014/12/21 15:06:34 | 000,002,874 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141221150518

[2014/12/21 15:05:24 | 000,000,304 | ---- | M] () -- C:\Windows\SysNative\TemporarFileConfiguration

[2014/12/20 11:45:41 | 000,014,125 | -H-- | M] () -- C:\Users\Rasuka\8DA7614F897FED714A91D68ED9B7C8C7B164D06C.torrent

[2014/12/19 22:06:25 | 000,001,512 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro

[2014/12/19 11:57:42 | 000,000,865 | ---- | M] () -- C:\Users\Rasuka\Desktop\µTorrent.lnk

[2014/12/13 10:34:45 | 000,000,020 | ---- | M] () -- C:\Windows\SysWow64\pub_store.dat

[2014/12/13 05:08:08 | 000,027,983 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2014/12/12 18:11:01 | 004,151,176 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

[2014/12/12 15:22:57 | 000,002,970 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141212152137

[2014/12/10 15:27:27 | 000,002,874 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141210152457

[2014/12/08 19:34:00 | 000,481,028 | ---- | M] () -- C:\Users\Rasuka\christmas card with border jpg.jpg

[2014/12/08 19:33:37 | 001,533,908 | ---- | M] () -- C:\Users\Rasuka\christmas card with border.psd

[2014/12/08 19:23:20 | 000,024,337 | ---- | M] () -- C:\Users\Rasuka\border.jpg

[2014/12/08 18:44:32 | 000,441,388 | ---- | M] () -- C:\Users\Rasuka\christmas card jpg.jpg

[2014/12/08 18:44:12 | 001,219,808 | ---- | M] () -- C:\Users\Rasuka\christmas card.psd

[2014/12/06 22:16:24 | 000,894,085 | ---- | M] (JamesR) -- C:\Users\Rasuka\Desktop\Le Bot 8.3.exe

[2014/12/03 18:52:07 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/12/02 11:32:09 | 000,002,874 | ---- | M] () -- C:\Windows\SysWow64\rsslogs.20141202105225

[2014/11/29 11:59:01 | 000,000,046 | ---- | M] () -- C:\Users\Rasuka\AppData\Roaming\CoreAVC.ini

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

[1 C:\Users\Rasuka\Documents\*.tmp files -> C:\Users\Rasuka\Documents\*.tmp -> ]

[1 C:\Users\Rasuka\AppData\Local\*.tmp files -> C:\Users\Rasuka\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/27 13:32:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2014/12/27 12:39:25 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2014/12/27 10:17:42 | 000,000,454 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Rasuka.job

[2014/12/27 10:17:41 | 000,001,428 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK

[2014/12/27 10:17:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0400030.01B\isolate.ini

[2014/12/27 10:08:05 | 000,001,942 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2014/12/27 10:08:05 | 000,001,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk

[2014/12/27 10:08:05 | 000,000,964 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2014/12/27 10:01:59 | 000,002,910 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141227095652

[2014/12/26 19:53:00 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\RegInOut on user logon - Rasuka.job

[2014/12/26 19:52:09 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys

[2014/12/26 19:49:56 | 000,000,235 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml

[2014/12/26 18:55:21 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\RegInOut System Utilities.lnk

[2014/12/26 18:00:37 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2014/12/26 15:11:16 | 000,002,759 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk

[2014/12/26 14:03:23 | 000,000,573 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job

[2014/12/25 10:38:28 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$

[2014/12/25 09:43:59 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml

[2014/12/25 09:43:59 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml

[2014/12/24 20:16:11 | 000,455,136 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll

[2014/12/24 20:15:19 | 000,000,872 | ---- | C] () -- C:\Users\Rasuka\Desktop\SIW x64 Home Edition.lnk

[2014/12/24 20:15:03 | 000,000,000 | -H-- | C] () -- C:\Users\Rasuka\Documents\Default.rdp

[2014/12/24 20:10:56 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk

[2014/12/24 20:08:37 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini

[2014/12/23 19:52:37 | 000,027,983 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2014/12/23 19:18:56 | 000,002,970 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141223191743

[2014/12/22 14:14:21 | 002,011,342 | ---- | C] () -- C:\Users\Rasuka\IMG_20141222_132850.jpg

[2014/12/21 22:09:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2014/12/21 22:09:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2014/12/21 20:25:18 | 000,000,424 | ---- | C] () -- C:\Windows\SysNative\.crusader

[2014/12/21 18:41:03 | 995,996,754 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2014/12/21 18:29:08 | 000,001,424 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2014/12/21 18:19:27 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/12/21 18:18:45 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/12/21 18:18:45 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/12/21 18:15:50 | 000,003,284 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141221181208

[2014/12/21 15:06:30 | 000,002,874 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141221150518

[2014/12/20 11:45:57 | 000,014,125 | -H-- | C] () -- C:\Users\Rasuka\8DA7614F897FED714A91D68ED9B7C8C7B164D06C.torrent

[2014/12/16 09:30:50 | 000,000,304 | ---- | C] () -- C:\Windows\SysNative\TemporarFileConfiguration

[2014/12/13 10:34:45 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat

[2014/12/12 15:22:49 | 000,002,970 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141212152137

[2014/12/10 15:27:26 | 000,002,874 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141210152457

[2014/12/08 19:33:36 | 001,533,908 | ---- | C] () -- C:\Users\Rasuka\christmas card with border.psd

[2014/12/08 19:23:20 | 000,024,337 | ---- | C] () -- C:\Users\Rasuka\border.jpg

[2014/12/08 19:21:43 | 000,481,028 | ---- | C] () -- C:\Users\Rasuka\christmas card with border jpg.jpg

[2014/12/08 18:44:29 | 000,441,388 | ---- | C] () -- C:\Users\Rasuka\christmas card jpg.jpg

[2014/12/08 18:44:09 | 001,219,808 | ---- | C] () -- C:\Users\Rasuka\christmas card.psd

[2014/12/03 18:52:07 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/12/02 11:32:08 | 000,002,874 | ---- | C] () -- C:\Windows\SysWow64\rsslogs.20141202105225

[2014/11/29 11:43:10 | 000,000,046 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\CoreAVC.ini

[2014/11/14 22:03:48 | 000,000,017 | ---- | C] () -- C:\Users\Rasuka\AppData\Local\resmon.resmoncfg

[2014/11/13 09:24:33 | 000,096,710 | ---- | C] () -- C:\Users\Rasuka\MyCampus Portal.pdf

[2014/11/06 13:50:48 | 000,023,729 | ---- | C] () -- C:\Users\Rasuka\tease jpg.jpg

[2014/11/06 13:41:57 | 000,188,139 | ---- | C] () -- C:\Users\Rasuka\tease.psd

[2014/11/03 19:26:34 | 001,900,921 | ---- | C] () -- C:\Users\Rasuka\IMG_20141103_190959.jpg

[2014/11/03 19:26:34 | 001,807,737 | ---- | C] () -- C:\Users\Rasuka\IMG_20141103_180608.jpg

[2014/11/03 19:26:33 | 001,954,809 | ---- | C] () -- C:\Users\Rasuka\IMG_20141103_191059.jpg

[2014/11/02 09:42:29 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll

[2014/11/02 09:42:29 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll

[2014/10/02 19:25:29 | 000,000,000 | ---- | C] () -- C:\Users\Rasuka\AppData\Local\{EE8CBE16-41C1-471A-8299-84711C452276}

[2014/09/29 07:32:43 | 000,752,393 | ---- | C] () -- C:\Users\Rasuka\hearts jpg.jpg

[2014/09/29 07:32:25 | 003,567,680 | ---- | C] () -- C:\Users\Rasuka\hearts.psd

[2014/09/25 07:59:19 | 000,123,336 | ---- | C] () -- C:\Users\Rasuka\phone bill.jpg

[2014/09/18 22:06:31 | 000,119,858 | ---- | C] () -- C:\Users\Rasuka\watch.jpg

[2014/09/13 10:36:23 | 088,218,878 | ---- | C] () -- C:\Users\Rasuka\MHR_Chemistry 12 Full Text.pdf

[2014/06/25 19:45:01 | 001,611,020 | ---- | C] () -- C:\Users\Rasuka\3.jpg

[2014/06/25 19:44:51 | 001,720,480 | ---- | C] () -- C:\Users\Rasuka\2.jpg

[2014/06/25 19:44:45 | 001,613,229 | ---- | C] () -- C:\Users\Rasuka\1.jpg

[2014/05/20 23:33:38 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll

[2014/05/20 23:33:32 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2014/05/20 23:33:32 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[2014/03/31 11:27:10 | 002,445,192 | ---- | C] () -- C:\Users\Rasuka\RHPO April 19 2014.pdf

[2014/03/01 13:45:42 | 000,008,046 | ---- | C] () -- C:\Program Files (x86)\Common Files\setupBanner.jpg

[2014/03/01 13:45:38 | 000,037,607 | ---- | C] () -- C:\Program Files (x86)\Common Files\license.rtf

[2014/02/20 10:28:10 | 000,563,989 | ---- | C] () -- C:\Users\Rasuka\AppData\Local\Fiesta.bin

[2013/12/18 12:03:17 | 000,003,748 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

[2013/05/16 08:06:23 | 000,001,102 | ---- | C] () -- C:\Users\Rasuka\pixelavatar96.png

[2013/04/14 13:33:08 | 000,001,872 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2013/04/12 09:22:06 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2013/02/15 10:00:00 | 000,089,915 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv

[2013/02/15 09:46:25 | 000,001,355 | ---- | C] () -- C:\Users\Rasuka\AppData\Roaming\Network Meter_Settings.ini

[2013/01/26 15:28:58 | 000,000,552 | ---- | C] () -- C:\Users\Rasuka\SciTE.session

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/13 11:02:09 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\AC3Filter

[2014/02/17 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Anvil Studio

[2013/04/12 10:07:05 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Azureus

[2014/10/23 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\com.filament.cps

[2014/10/08 08:08:43 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Disney Interactive Studios

[2014/11/22 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Doublefine

[2012/08/29 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\EurekaLog

[2013/12/01 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\FiestaOnline

[2014/12/26 18:54:11 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\fijryhfa

[2012/09/09 18:32:52 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Foxit Software

[2012/08/29 12:14:58 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\GameHouse

[2014/12/24 19:06:18 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\gnqunwbz

[2013/08/01 17:36:47 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Lenovo

[2014/05/09 09:19:17 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\LSC

[2014/08/03 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Oracle

[2014/06/01 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Origin

[2014/12/21 14:57:50 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\ovqzwhds

[2014/12/21 17:40:53 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\qtpcszcz

[2014/12/23 21:48:01 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\qxdbanzr

[2014/12/05 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Risoquz

[2013/07/01 11:52:22 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Rogue Legacy

[2014/12/26 14:04:06 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\SpeedyPC Software

[2014/12/21 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\sxkykjhe

[2014/04/03 21:37:46 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Synthesia

[2014/04/30 19:38:02 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\TeamViewer

[2014/11/01 11:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Usmexe

[2014/12/21 18:11:10 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\uTorrent

[2014/12/21 14:51:25 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\vaovhrak

[2012/12/31 09:32:50 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\WildTangent

[2012/08/26 02:38:32 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Zone.com Deluxe Games

[2013/08/01 10:31:45 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

[2014/12/13 10:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rasuka\AppData\Roaming\Ñ¸À×ÓÎÏ·

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2014/12/15 20:53:33 | 000,000,000 | ---D | M](C:\Users\Rasuka\????) -- C:\Users\Rasuka\衝上雲霄

[2014/12/15 20:50:50 | 000,000,000 | ---D | C](C:\Users\Rasuka\????) -- C:\Users\Rasuka\衝上雲霄

[2014/12/13 10:35:12 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

[2014/12/13 10:33:57 | 000,001,340 | ---- | M] ()(C:\Users\Rasuka\Desktop\??7.lnk) -- C:\Users\Rasuka\Desktop\迅雷7.lnk

[2014/12/13 10:33:57 | 000,001,340 | ---- | C] ()(C:\Users\Rasuka\Desktop\??7.lnk) -- C:\Users\Rasuka\Desktop\迅雷7.lnk

[2014/12/13 10:33:56 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷

[2014/11/29 11:42:47 | 000,000,000 | ---D | M](C:\Users\Rasuka\Documents\????) -- C:\Users\Rasuka\Documents\搜狐影音

[2014/11/29 11:32:07 | 000,000,000 | ---D | M](C:\Program Files (x86)\????) -- C:\Program Files (x86)\搜狐影音

[2014/11/29 11:32:07 | 000,000,000 | ---D | C](C:\Users\Rasuka\Documents\????) -- C:\Users\Rasuka\Documents\搜狐影音

[2014/11/29 11:31:58 | 000,001,914 | ---- | M] ()(C:\Users\Rasuka\Desktop\????????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音游戏大厅.lnk

[2014/11/29 11:31:58 | 000,001,914 | ---- | C] ()(C:\Users\Rasuka\Desktop\????????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音游戏大厅.lnk

[2014/11/29 11:31:58 | 000,001,880 | ---- | M] ()(C:\Users\Rasuka\Desktop\????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音.lnk

[2014/11/29 11:31:58 | 000,001,880 | ---- | C] ()(C:\Users\Rasuka\Desktop\????.lnk) -- C:\Users\Rasuka\Desktop\搜狐影音.lnk

[2014/11/29 11:31:58 | 000,001,858 | ---- | M] ()(C:\Users\Rasuka\Desktop\???????.lnk) -- C:\Users\Rasuka\Desktop\高清热播影视剧.lnk

[2014/11/29 11:31:58 | 000,001,858 | ---- | C] ()(C:\Users\Rasuka\Desktop\???????.lnk) -- C:\Users\Rasuka\Desktop\高清热播影视剧.lnk

[2014/11/29 11:31:58 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音

[2014/11/29 11:31:43 | 000,000,000 | ---D | C](C:\Program Files (x86)\????) -- C:\Program Files (x86)\搜狐影音

[2014/11/29 11:31:22 | 000,000,000 | ---D | M](C:\Users\Rasuka\AppData\Local\Temp?) -- C:\Users\Rasuka\AppData\Local\Temp尰

[2014/11/29 11:31:22 | 000,000,000 | ---D | C](C:\Users\Rasuka\AppData\Local\Temp?) -- C:\Users\Rasuka\AppData\Local\Temp尰

[2013/11/16 21:47:04 | 000,291,949 | ---- | C] ()(C:\Users\Rasuka\??_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg) -- C:\Users\Rasuka\穿心_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg

[2013/11/16 21:47:04 | 000,172,689 | ---- | C] ()(C:\Users\Rasuka\????_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg) -- C:\Users\Rasuka\调皮猫咪_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg

[2013/11/14 10:19:56 | 000,172,689 | ---- | M] ()(C:\Users\Rasuka\????_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg) -- C:\Users\Rasuka\调皮猫咪_&_bf4f9d70-964d-4e4b-af02-58201f4a276e.jpg

[2013/11/14 10:18:17 | 000,291,949 | ---- | M] ()(C:\Users\Rasuka\??_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg) -- C:\Users\Rasuka\穿心_&_3ca7a6fa-b95d-45a6-b658-e15796c2f524.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:AD022376

< End of report >

Extras of OLT report:-

OTL Extras logfile created on: 27/12/2014 1:52:39 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rasuka\Computer stuff

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.86 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 54.23% Memory free

15.73 Gb Paging File | 11.13 Gb Available in Paging File | 70.73% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 420.56 Gb Total Space | 68.42 Gb Free Space | 16.27% Space Free | Partition Type: NTFS

Drive D: | 25.47 Gb Total Space | 21.79 Gb Free Space | 85.54% Space Free | Partition Type: NTFS

Drive F: | 7.39 Gb Total Space | 2.77 Gb Free Space | 37.46% Space Free | Partition Type: FAT32

Computer Name: RASUKA-PC | User Name: Rasuka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\NOTEPAD.EXE %1 (Microsoft Corporation)

Unknown [openas] -- Reg Error: Value error.

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\NOTEPAD.EXE %1 (Microsoft Corporation)

Unknown [openas] -- Reg Error: Value error.

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01F1A067-60F3-43CB-9065-F1C917648F44}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{104D1B71-AAF9-4A8A-8DD1-07F014E51664}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{35070DCB-038E-418B-84CB-4CD8AAC29912}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{45667F1C-C30B-48EA-A0FF-4DE2BF13A9A7}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |

"{484B2891-E04A-4499-86D0-8F40FBB096C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{5DE88D52-5033-42C1-B0D6-1F0C46B8BED6}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{847CBF97-83A3-4D6B-95CD-E6F3CBFB0931}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8F2319EA-7943-46D7-9434-A4C105C8F707}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{BEB03C72-694B-4FD3-AF3F-04249043B8BA}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D3F34DEB-3AAF-4C26-89E4-9AC4E1BB6EA8}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{DF2945E1-83F7-49D3-81EE-107EFC3114FB}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FACBFC60-721D-4CFB-92B5-AA8FCF9F87AC}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |

"{0069A966-4EBC-45F7-B6F3-B486798A0D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate\fate.exe |

"{010D9DD9-6041-4B7A-98D7-F6F3A3ABA8A9}" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe |

"{02788419-EB28-4486-BA5E-9A142DC25F8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate undiscovered realms\fate.exe |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{03D07441-ABE8-46B6-9EC0-256744B07475}" = protocol=6 | dir=in | app=h:\grandchase\main.exe |

"{053C5F0C-49A0-41B2-96E1-8CD7DB699866}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe |

"{05A3672C-97EC-42C4-8A34-56BB3ABA61D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |

"{067A9CA7-8B9D-438C-BFAE-F89125B0FB63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\precipice of darkness 3\rainslick3.exe |

"{09C63BE8-EC0F-45FA-8CFA-445162D4EBBC}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |

"{0A7DD073-4C2D-4970-BA56-2F1F7A6CCEF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\violett\violett.exe |

"{0EE089C9-CE3C-4075-9EF8-61813676A226}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |

"{11132F26-D42C-4105-B5FE-FAD76A96AACE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate undiscovered realms\fate.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{17F88618-0FFD-4F93-9A2C-F96622F05C39}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |

"{21684871-F4D2-480E-B470-628C3A3228B2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |

"{21B56C7C-DD9B-4809-A850-7F0CB528B3F4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |

"{2602887E-FE00-467E-BC79-A8B7E064AA35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds_radeon.exe |

"{260FCDF2-0FB0-4588-B08E-1B7C226E3752}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe |

"{288AACA6-F7F3-4058-A2B5-F9578E0CD30E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the critter chronicles\critterchronicles.exe |

"{32593BB0-3AC1-4B90-8D85-5A24E33F7D71}" = protocol=17 | dir=in | app=h:\grandchase\main.exe |

"{3E2A8244-8202-467F-B8A2-BCBA3D2DE0BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\precipice of darkness 3\rainslick3.exe |

"{419B8CE9-F328-4BAE-9E38-5CC3D093D116}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grimm\grimmlauncher.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |

"{4B6F61A9-ADCB-49BF-950B-721C7C82A64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witch's yarn\witchsyarn.exe |

"{4D6E28F0-0063-4CB2-A4B2-18063106790E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe |

"{5006C5DD-909D-4E88-A010-F57DDE8B7578}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |

"{510749EB-49E0-402F-B0AA-C14FDBD962AB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{55292CDF-10CA-416E-BC4E-EC2688BF1626}" = protocol=17 | dir=in | app=f:\ntreev\grand chase\main.exe |

"{55692B89-04D5-471D-8893-948702F6BF30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |

"{5873A86C-9356-41E3-B579-FAF168D2EAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |

"{5AF3CCED-30AD-4404-989B-D0EEF5A39E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |

"{60737778-0DFD-44BD-B535-4C7AC90EB1EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the book of unwritten tales\bout.exe |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6898288B-7709-40D8-89F0-CCA5380FADB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6CD70CCA-0386-4D13-ADAD-5C7456DA4127}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe |

"{6D97660C-F5EB-4622-9DDA-2D79BEB4E1CD}" = protocol=6 | dir=in | app=e:\grandchase\main.exe |

"{72D43BD8-659D-4A93-A9CB-5B0AA255A445}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds_radeon.exe |

"{760D8847-DDA4-4EF9-B0C9-54B9582B44DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mabinogi\nxsteam.exe |

"{76897822-5596-49D1-B7FD-25640F0A0EE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |

"{777B1C27-8D17-48B3-A7C9-DC2FC492E474}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe |

"{77C4689D-AF4C-45E5-BE4B-CA790BF7F8ED}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{78D69872-FEE4-4502-9994-E2FDCE30A238}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{7C37A0AF-4718-4FEC-AD98-C9D74E52CB8B}" = dir=in | app=c:\windows\explorer.exe |

"{7DAD6D0D-E43C-45D6-8259-134270AA57AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{84E4571D-38B6-4D51-B3C1-ADCC6EC7A012}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{86CC45F2-3207-401C-B6DD-29A76B5236DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\violett\violett.exe |

"{8869860C-6997-4899-BDF5-258F043334B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awalkinthedark\awalkinthedark.exe |

"{8922BB8C-BCB9-4D51-9AAF-7956D787A733}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |

"{8C0A5B25-F4F5-4063-9519-FA6C2F4F5F27}" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe |

"{8DA8235A-C118-4E9A-B9A6-2FD4B0C9D3A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witch's yarn\witchsyarn.exe |

"{8DF33EDF-216A-4E05-83E8-CDCF7ADB8BE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\xlbugreport.exe |

"{93CB9834-F1FB-4554-936D-DF63F594532A}" = protocol=17 | dir=in | app=e:\grandchase\main.exe |

"{9A124C37-ADB3-497F-85F6-0E3983912A85}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{A003B604-1425-42E3-AA36-5138BCAD2AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awalkinthedark\awalkinthedark.exe |

"{A0310154-7DEA-47D6-93BE-466C63390FE2}" = dir=in | app=c:\windows\system32\rundll32.exe |

"{A0DED3B8-A189-4A55-A6FC-05B881B7E9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |

"{A1F42A03-D2B8-4124-A705-1333926F9CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |

"{A349783A-6220-48D0-9EF3-7D939E3E2423}" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5665216-FB32-4F90-973F-E706657711F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the critter chronicles\critterchronicles.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ACF15978-6FCA-409B-9638-F01E6B5D81F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mabinogi\nxsteam.exe |

"{B49F7FD2-9A8F-4BCA-B6FE-8766B5B60F36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grimm\grimmlauncher.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{C4192C3E-1F47-4390-BA2C-80ED9F7A3DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |

"{C6672693-91CE-405F-8408-C92885A9136C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds.exe |

"{C873ABE0-F83F-4A9D-91DE-2376768576FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |

"{CBC1D777-8967-4497-8EA9-D71AFF7F3799}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe |

"{CC8B7975-B7F0-4B97-BDA1-3D3900AA76BF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D02183BE-EB5D-4439-B645-9A1A4F4C6C86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D0299DF7-6B80-4D5F-98EC-3C303B77A1CC}" = protocol=6 | dir=in | app=f:\ntreev\grand chase\main.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D858E000-E59D-4A60-926D-B394DD997807}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\xlbugreport.exe |

"{D867AC42-2E41-4F8C-8286-02BD5C55E6A5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{DC746A90-2EB7-4BBF-8CA1-8A5A541C821C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate\fate.exe |

"{DEB4FD0E-E615-46B7-A428-F28898052326}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E158DB0A-C653-499C-B16B-3EB031C9BE19}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe |

"{E5C0FA6D-0BE2-4E47-942D-B4EC9DB36D14}" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\roaming\utorrent\utorrent.exe |

"{E69583B0-BF70-456D-8AD3-5CC0A3261FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the book of unwritten tales\bout.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E9952878-0215-4248-96D7-4442E687523E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |

"{E9A16F03-791C-4443-9C2C-86D9EDCA7C89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |

"{EAEB43B7-CC53-4C65-83D3-A8EC9D79CDD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds.exe |

"{EE665607-F7CD-4D19-B69C-780C701C7ABA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F83006FD-4AE8-4010-A0E8-44257B49745D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |

"{FB2CCAA3-C9DC-4A30-8958-3BD64F765A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{FDF14EE6-F5CE-417F-8E54-1242580B31D3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"TCP Query User{5AFAA320-039B-4F5F-B08A-04F65FABBE72}C:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe |

"TCP Query User{84181305-850B-4CD7-B284-579686D05CE6}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe |

"TCP Query User{958D5360-B9D3-44DC-B68E-26D2861D5C4E}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe |

"TCP Query User{A0E81B93-60FD-4F49-BB35-4EF1CFA4CEB1}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |

"TCP Query User{B13481EA-EEB2-42C6-9E0A-A13F42F683DD}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe |

"TCP Query User{F0571BEE-09C6-41DF-AB49-DE9209314AED}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"UDP Query User{3C15C5F3-A9C9-49E4-A89B-96A9E721ED52}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe |

"UDP Query User{567E356C-95BD-448E-92D6-913A3DA35EE3}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"UDP Query User{79F4F4BC-A852-4FD2-8850-918CC642F4FC}C:\users\rasuka\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rasuka\appdata\local\akamai\netsession_win.exe |

"UDP Query User{7F3E8211-B230-45BD-BECE-89499BFD0B0C}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |

"UDP Query User{BF9E0703-E871-4F28-8126-27249D356444}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\thunderplatform.exe |

"UDP Query User{E7F3BD85-2383-48C7-92A5-CFA563E26C78}C:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zone.com deluxe games\hexic deluxe\hexicdeluxe.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0927321C-2FD4-43DF-94A6-FC2FB355A7A7}_is1" = SIW x64 Home Edition

"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610

"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver

"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{73ca1ddf-9d19-45f2-ad4c-04169ec13342}" = Intel® PRO/Wireless Driver

"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{83E68458-AF28-4CA4-8AFC-595A10307290}" = LenovoDrv_x64

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C481E27-751F-48B9-801D-C583F032DA50}" = Intel® PROSet/Wireless WiFi Software

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 347.09

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 14.6.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core

"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64

"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"5E61CDC4058A17FE9BE3046B1846F3118CD618B1" = Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2)

"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft Security Client" = Microsoft Security Essentials

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 5.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{07C70C1E-E746-482A-82F9-943F024708CF}" = Alcor Micro USB Card Reader

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}" = Intel® PROSet/Wireless Software

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0

"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67

"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models

"{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}" = Lenovo Smart Update

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7

"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW

"{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs

"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter

"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2

"{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™

"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{715AD72D-887A-459E-988B-D4F3E87FA24B}" = Peggle

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4

"{74A8117D-07C6-4222-AFFD-51421B69DEF0}" = TRENDnet TEW-648UB Wireless N USB Adapter

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

"{7FBAD091-89F7-4C77-A224-15FF4423C7D2}" = RealDownloader

"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{87D0541E-7EB4-44AD-8A0D-D951152020C1}" = BlueStacks Notification Center

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)

"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera

"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4

"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4

"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool

"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}" = Anvil Studio 2012

"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter

"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com

"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer

"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

"{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}" = Anvil Studio

"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4

"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1

"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}" = Hexic Deluxe

"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610

"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup

"{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}" = Bejeweled® 3

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby

"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F40CA00E-B365-448A-B146-BC061F1230A0}" = Brownie

"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4

"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver

"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}" = NVIDIA PhysX (Legacy)

"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FD86651E-5875-4964-9E18-7F128292EBB1}" = Disney Epic Mickey 2

"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad

"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX

"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI

"Adobe Shockwave Player" = Adobe Shockwave Player 12.1

"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection

"Adobe_ced94c8db6b9767b7dd95a4c64ecdc8" = Adobe Setup

"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 6.4.1.0)

"All Sound Recorder XP_is1" = All Sound Recorder XP 2.30

"AmUStor" = Alcor Micro USB Card Reader

"BlueStacks App Player" = BlueStacks App Player

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Connect" = Connect

"CoreAAC" = CoreAAC

"Costume Quest_is1" = Costume Quest

"Crazy Plant Shop1.1" = Crazy Plant Shop

"Fiesta Online NA" = Fiesta Online NA

"Foxit Reader" = Foxit Reader

"GOM Player" = GOM Player

"GOM Video Converter" = GOM Video Converter

"Google Chrome" = Google Chrome

"Granado Espada Online_is1" = Granado Espada Online

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD

"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide

"Knights of Pen and Paper_is1" = Knights of Pen and Paper

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028

"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSC" = McAfee AntiVirus Plus

"NSS" = Norton Security Scan

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Origin" = Origin

"Plants vs. Zombies" = Plants vs. Zombies

"PrintMusic! 2000" = PrintMusic! 2000

"QBeez 2_is1" = QBeez 2

"RealAlt_is1" = Real Alternative 1.8.0

"RegCure" = RegCure

"RegInOut System Utilities_is1" = RegInOut System Utilities

"ResourceHacker_is1" = Resource Hacker Version 3.6.0

"Ricochet Lost Worlds_is1" = Ricochet Lost Worlds

"Ricochet Xtreme Retail_is1" = Ricochet Xtreme

"Rogue Legacy_is1" = Rogue Legacy version 0.0.0.9

"SharpEye Music Reader 2" = SharpEye Music Reader 2

"Steam App 107100" = Bastion

"Steam App 1930" = Two Worlds: Epic Edition

"Steam App 19680" = Alice: Madness Returns

"Steam App 212200" = Mabinogi

"Steam App 213030" = Penny Arcade's On the Rain-Slick Precipice of Darkness 3

"Steam App 215160" = The Book of Unwritten Tales

"Steam App 221830" = The Book of Unwritten Tales: The Critter Chronicles

"Steam App 23310" = The Last Remnant

"Steam App 246840" = FATE

"Steam App 248730" = A Walk in the Dark

"Steam App 252150" = Grimm

"Steam App 257830" = Violett

"Steam App 276890" = FATE: Undiscovered Realms

"Steam App 287740" = The Witch's Yarn

"Steam App 39140" = FINAL FANTASY VII

"Synthesia" = Synthesia (remove only)

"TeamViewer 9" = TeamViewer 9

"thunder_is1" = Ñ¸À×7

"VeriFace" = VeriFace

"VLC media player" = VLC media player

"WinLiveSuite_Wave3" = Windows Live Essentials

"搜狐影音" = 搜狐影音

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 27/12/2014 10:56:44 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/12/2014 11:12:50 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/12/2014 11:16:33 AM | Computer Name = Rasuka-PC | Source = PerfNet | ID = 2004

Description =

Error - 27/12/2014 11:20:38 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/12/2014 11:20:46 AM | Computer Name = Rasuka-PC | Source = BstHdAndroidSvc | ID = 0

Description = Service cannot be started. System.ApplicationException: Cannot start

service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]

args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 27/12/2014 11:30:32 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/12/2014 11:43:42 AM | Computer Name = Rasuka-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/12/2014 11:43:47 AM | Computer Name = Rasuka-PC | Source = BstHdAndroidSvc | ID = 0

Description = Service cannot be started. System.ApplicationException: Cannot start

service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]

args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 27/12/2014 3:42:24 PM | Computer Name = Rasuka-PC | Source = System Restore | ID = 8193

Description =

Error - 27/12/2014 3:42:24 PM | Computer Name = Rasuka-PC | Source = VSS | ID = 12298

Description =

[ System Events ]

Error - 27/12/2014 4:07:52 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

Error - 27/12/2014 4:08:38 PM | Computer Name = Rasuka-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Skype

Updater service to connect.

Error - 27/12/2014 4:43:50 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

Error - 27/12/2014 5:10:24 PM | Computer Name = Rasuka-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Modules Installer service to connect.

Error - 27/12/2014 5:10:24 PM | Computer Name = Rasuka-PC | Source = Service Control Manager | ID = 7000

Description = The Windows Modules Installer service failed to start due to the following

error: %%1053

Error - 27/12/2014 5:19:54 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

Error - 27/12/2014 5:43:54 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

Error - 27/12/2014 6:19:55 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

Error - 27/12/2014 6:55:58 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

Error - 27/12/2014 6:55:58 PM | Computer Name = Rasuka-PC | Source = bowser | ID = 8003

Description =

< End of report >

Lord and I wondered if normal scans should take like a good 6 hours XD

Edited by Rasuka, 27 December 2014 - 05:28 PM.

#2
Nevan

Posted 27 December 2014 - 06:02 PM

Trusted Helper

Malware Removal
1,765 posts

Hello, Rasuka. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:

Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started

I'd like to have another look at the system. Please, do the following:

FRST Scan

Download Farbar Recovery Scan Tool and save it to your Desktop.
Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
Make sure that Addition.txt is checked and press the Scan button.
It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

Things that should appear in your next post:

FRST.txt log content
Addition.txt log content

#3
Rasuka

Posted 27 December 2014 - 07:20 PM

Member

Topic Starter
Member
19 posts

Attached to this post is the two errors I get upon start up and the following is the logs you requested:

FRST Log:-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014

Ran by Rasuka (administrator) on RASUKA-PC on 27-12-2014 20:18:42

Running from C:\Users\Rasuka\Computer stuff

Loaded Profiles: Rasuka & (Available profiles: Rasuka)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

Addition Log:-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014

Ran by Rasuka at 2014-12-27 19:54:54

Running from C:\Users\Rasuka\Computer stuff

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\uTorrent) (Version: 3.4.2.37248 - BitTorrent Inc.)

µTorrent (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.37248 - BitTorrent Inc.)

A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version: - )

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)

Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)

Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)

Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden

Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)

Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version: - Akamai Technologies, Inc)

Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - Akamai Technologies, Inc)

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden

Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)

All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version: - MP3DO, Inc.)

Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)

Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)

Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)

Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)

CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)

Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)

Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden

Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)

CoreAAC (HKLM-x32\...\CoreAAC) (Version: - )

Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version: - )

Crazy Plant Shop (HKLM-x32\...\Crazy Plant Shop1.1) (Version: 1.1 - Foxy Games)

Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)

Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)

Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)

Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden

FATE (HKLM-x32\...\Steam App 246840) (Version: - WildTangent)

FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version: - WildTangent)

Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)

FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)

Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)

GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)

GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version: - IMC Games Co., Ltd.)

Grimm (HKLM-x32\...\Steam App 252150) (Version: - Spicyhorse Games)

Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )

Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)

Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version: - Paradox Interactive)

kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)

Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden

Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden

Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)

Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)

Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden

LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)

Mabinogi (HKLM-x32\...\Steam App 212200) (Version: - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)

Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

Ñ¸À×7 (HKLM-x32\...\thunder_is1) (Version: 7.9.30.4860 - Ñ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾)

Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )

Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)

NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)

NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)

osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)

PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)

Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version: - )

Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden

Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden

Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)

Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version: - )

QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version: - )

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )

RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

RegCure (HKLM-x32\...\RegCure) (Version: 3.0.2.0 - ParetoLogic, Inc.)

RegInOut System Utilities (HKLM-x32\...\RegInOut System Utilities_is1) (Version: 4.0 - SORCIM Technologies Pvt Ltd)

Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )

Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version: - )

Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version: - Reflexive Entertainment, Inc.)

Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version: - Visiv)

SIW x64 Home Edition (HKLM\...\{0927321C-2FD4-43DF-94A6-FC2FB355A7A7}_is1) (Version: 2014.10.16 - Topala Software Solutions)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)

Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version: - )

System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)

The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - KING Art)

The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version: - KING Art)

The Last Remnant (HKLM-x32\...\Steam App 23310) (Version: - SQUARE ENIX)

The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version: - Mousechief)

TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)

Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)

UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden

VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)

Violett (HKLM-x32\...\Steam App 257830) (Version: - Forever Entertainment S. A.)

VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)

Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Rasuka\AppData\Roaming\ovqzwhds\tivesen.dll () <==== ATTENTION

==================== Restore Points =========================

24-12-2014 20:24:15 Removed NVIDIA PhysX (Legacy)

26-12-2014 15:05:46 Installed Sophos Virus Removal Tool.

26-12-2014 17:55:38 Installed Realtek Ethernet Controller All-In-One Windows Driver

26-12-2014 18:59:34 RegInOut Restore Point before Repair

26-12-2014 19:23:10 RegInOut Restore Point before Repair

27-12-2014 12:56:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

85.25.79.59 www.google-analytics.com.

85.25.79.59 google-analytics.com.

85.25.79.59 connect.facebook.net.

95.141.32.73 www.google-analytics.com.

95.141.32.73 google-analytics.com.

95.141.32.73 connect.facebook.net.

192.95.55.231 www.google-analytics.com.

192.95.55.231 google-analytics.com.

192.95.55.231 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {025A6CEF-C5AE-448C-8430-F0DA437902B9} - System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Iexplore.exe http://ui.skype.com/...;LastError=1603

Task: {0C9F50CC-E1ED-4DB7-822D-5557292AC80B} - System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Iexplore.exe http://ui.skype.com/...;LastError=1603

Task: {0D91EB19-AAB1-4274-8D64-1200DCC7A465} - System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"

Task: {13A8472B-4D1B-40F8-A876-8CE8A422F41D} - System32\Tasks\RegCure Program Check => C:\Program Files (x86)\RegCure\RegCure.exe [2010-06-13] ()

Task: {185E1C55-F5D1-48F6-AC26-FC3F4438B3EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001

Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe

Task: {21EBCB66-353E-4E1D-AE3F-2D12330C721C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"

Task: {22854C27-DDEA-4088-A6FF-35D963A7EDF3} - System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Iexplore.exe http://ui.skype.com/...;LastError=1603

Task: {2345D6B0-CAFD-4E59-B8BD-4B090F69CF16} - System32\Tasks\RegCure => C:\Program Files (x86)\RegCure\RegCure.exe [2010-06-13] ()

Task: {2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE} - System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"

Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)

Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {398A327D-3379-4472-83B5-2FFA6016134A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {3D7C4A06-AD25-4063-8F48-EF7F635906DD} - System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Iexplore.exe http://ui.skype.com/...?LastError=1603

Task: {469E4821-5767-48F5-85FD-9222334165A8} - System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"

Task: {47F257D5-1098-42A9-BBFE-856B2FAD1054} - System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Iexplore.exe http://ui.skype.com/...?LastError=1603

Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe

Task: {50A85377-9038-46E4-9397-BCB36F0563E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)

Task: {569563BC-0B15-431D-8D21-BB47F30D0003} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {5713371C-95A7-4917-ADED-232652F8C983} - System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Iexplore.exe http://ui.skype.com/...?LastError=1618

Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka

Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {6EBE2D24-B182-4F48-A502-0039FF69469B} - System32\Tasks\Microsoft\9a1b17f20e0af55e311550975b4aa24a => C:\Users\Rasuka\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION

Task: {6EF09F29-7244-4BBF-94CE-D3FE3602FB51} - System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1

Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)

Task: {74299258-8DAF-4BEF-9CDA-F9F30E7729E0} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Rasuka\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION

Task: {749B25FB-5C8B-47A8-844C-B0F33197959E} - System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Iexplore.exe http://ui.skype.com/...?LastError=1603

Task: {8988B92E-0B73-44E3-9435-A8BEE01FC290} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)

Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)

Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9E65973D-8B00-4AE0-BCDF-529573DEE661} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe

Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {A09EB468-DC96-47AC-95EB-C736B09E190D} - System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default

Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)

Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent

Task: {AA8E2498-F463-4421-B4B9-7ED3506F056A} - System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => pcalua.exe -a C:\Users\Rasuka\Downloads\t-engine-launcher.exe -d C:\Users\Rasuka\Downloads

Task: {AE726A4E-DD5B-4253-BF8E-86FE8ACB03D8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {AEC66460-48AF-4979-9C0F-660464DC180A} - System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => pcalua.exe -a "C:\Users\Rasuka\Downloads\Horns 2013\WMP x264 Codec Pack.exe" -d "C:\Users\Rasuka\Downloads\Horns 2013"

Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka

Task: {B8048D3B-84B0-400E-93D7-311832C64D8C} - System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => pcalua.exe -a "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs\overball-setup.exe" -d "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs"

Task: {C4E8C87A-F194-4320-8F46-807C437755C2} - System32\Tasks\4796 => Wscript.exe C:\Users\Rasuka\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB} - System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Iexplore.exe http://ui.skype.com/...?LastError=1618

Task: {E6627E38-1E4B-47A9-BB9B-716B61F7A950} - System32\Tasks\Security Center Update - 2607807786 => C:\Users\Rasuka\AppData\Roaming\Usmexe\uhzut.exe <==== ATTENTION

Task: {E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E} - System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => pcalua.exe -a "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe" -d "C:\Program Files (x86)\Reason\Should I Remove It\"

Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)

Task: {EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337} - System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"

Task: {ED767B26-1937-459B-9C14-E6263B654D6B} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

Task: {EE9D73D2-AA24-421B-A05C-C075CC325A5B} - System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Iexplore.exe http://ui.skype.com/...;LastError=1603

Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

Task: {FAE7BE10-0F93-4D10-9C7E-4F150E028997} - System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => pcalua.exe -a "C:\Remote Programs\Azteca\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=529250;name=Azteca;dir=C:\Remote Programs\Azteca\;prvid=143;cmdid=1;prvdir=Default

Task: {FEE02C20-EAE0-4317-9099-9B4E19D328C0} - System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Norton Security Scan for Rasuka.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe

Task: C:\Windows\Tasks\RegCure Program Check.job => C:\Program Files (x86)\RegCure\regcure.exe

Task: C:\Windows\Tasks\RegCure.job => C:\Program Files (x86)\RegCure\regcure.exe

Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe

Task: C:\Windows\Tasks\SpeedyPC Pro_sch_DCF3584B-8D31-11E4-833B-9C4E3627E7DC.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-10-29 16:38 - 2014-10-29 16:38 - 03166208 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll

2014-10-29 16:38 - 2014-10-29 16:38 - 02507776 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll

2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll

2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll

2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll

2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll

2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll

2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe

2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-10-17 21:52 - 2014-10-17 21:52 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll

2014-12-13 10:33 - 2014-12-13 10:32 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll

2014-12-13 10:33 - 2014-12-13 10:32 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00684032 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll

2014-12-13 10:32 - 2014-12-13 10:33 - 00015360 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\mini_unzip_dll.dll

2014-12-26 18:54 - 2014-12-26 18:54 - 00133120 _____ () C:\Users\Rasuka\AppData\Roaming\fijryhfa\colers.dll

2014-12-13 10:32 - 2014-11-24 18:40 - 00254408 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\BrowserSupportMoudle.dll

2014-12-13 10:33 - 2014-12-13 10:32 - 00129480 _____ () C:\Program Files (x86)\Thunder Network\Thunder\tp\tp_proxy.dll

2014-12-13 10:38 - 2013-11-06 20:27 - 00014280 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Program\iEmbed.dll

2014-12-17 10:54 - 2014-12-17 10:54 - 00024008 _____ () C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush\WifiDetector\WifiDetector.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00019968 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\minizip.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00077824 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\zlib1.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00143360 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\libexpat.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00012288 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\mini_unzip_dll.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00018296 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\dl_uac_tool.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00053112 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\XLCrypto.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 00534984 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\ts.dll

2014-12-13 10:32 - 2014-12-13 10:32 - 01268168 _____ () c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.252_1111\emule_kernel.dll

2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll

2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll

2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-21 18:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18545332.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29763148.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18545332.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29763148.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)

Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)

Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka

==================== Faulty Device Manager Devices =============

Name: F:\

Description: Card Reader

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Multiple

Service: WUDFRd

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

Name: MagicISO SCSI Host Controller

Description: MagicISO SCSI Host Controller

Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}

Manufacturer: MagicISO, Inc.

Service: mcdbus

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:

==================

Error: (12/27/2014 06:41:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 06:41:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.

at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/27/2014 06:04:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d

Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664

Exception code: 0x80000003

Fault offset: 0x00001425

Faulting process id: 0x269c

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

Error: (12/27/2014 02:42:24 PM) (Source: VSS) (EventID: 12298) (User: )

Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{dbb41548-aaaa-11e1-bd66-806e6f6e6963}\.

The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.

], Flush[0x00000000, The operation completed successfully.

], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.

], OnRun[0x00000000, The operation completed successfully.

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Error: (12/27/2014 02:42:24 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = c:\PROGRA~1\mcafee\vul\mcvulctr.exe -Embedding; Description = McAfee Vulnerability Scanner; Error = 0x81000101).

Error: (12/27/2014 10:43:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.

at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/27/2014 10:43:42 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 10:30:32 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 10:20:46 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.

at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/27/2014 10:20:38 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (12/27/2014 07:56:02 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer XDLOLWTF-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C664B27-4F08-4406-B0A7-0EF30F874AD9}.

The master browser is stopping or an election is being forced.

Error: (12/27/2014 07:19:57 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer XDLOLWTF-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C664B27-4F08-4406-B0A7-0EF30F874AD9}.

The master browser is stopping or an election is being forced.

Error: (12/27/2014 07:09:13 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}

Error: (12/27/2014 07:07:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The WMI Performance Adapter service failed to start due to the following error:

%%1053

Error: (12/27/2014 07:07:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.

Error: (12/27/2014 07:01:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Scanner service failed to start due to the following error:

%%1053

Error: (12/27/2014 07:01:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.

Error: (12/27/2014 07:01:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The iPod Service service failed to start due to the following error:

%%1053

Error: (12/27/2014 07:01:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

Error: (12/27/2014 07:01:05 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Microsoft Office Sessions:

=========================

Error: (12/27/2014 06:41:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 06:41:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.

at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/27/2014 06:04:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425269c01d0222962ad851eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc331173f-8e1c-11e4-9b33-047d7bd9bec7

Error: (12/27/2014 02:42:24 PM) (Source: VSS) (EventID: 12298) (User: )

Description: \\?\Volume{dbb41548-aaaa-11e1-bd66-806e6f6e6963}\00x00000000, The operation completed successfully.

0x00000000, The operation completed successfully.

0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.

0x00000000, The operation completed successfully.

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Error: (12/27/2014 02:42:24 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: c:\PROGRA~1\mcafee\vul\mcvulctr.exe -EmbeddingMcAfee Vulnerability Scanner0x81000101