RegSvr32 multiple error msg - Module failed to load [Solved]


  • This topic is locked

#16
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

It looks like your problem with CPU isn't related to malware. As I can see from your Task Manager, your system runs over 120 processes, which is an enormous number (I have 62 now, for example).
I will sweep off some unnecessary startups and tasks from your system, which should help a bit.

You could also visit your uninstall list and remove programs you don't use anymore.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   15.32KB   257 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Disable your Antivirus program
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the qKMbAXQ.png button. A Notepad window will be opened.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • AdwCleaner log content
  • Please tell me if disabling and uninstalling programs helped with your CPU problem

  • 0


#17
Rasuka

    Member

  • Topic Starter
  • 19 posts

It's a little faster than it was once it started running, but from what I can see, even after closing some processes, it is still running at 95% CPU. I will figure out what is causing the massive CPU usage. The videos also seem to be running better than they were, so that is a plus :D

 

Here are the logs you requested:-

 

Fixlog:-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Rasuka at 2014-12-31 15:30:49 Run:3
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(752).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\Program Files\Common Files\Thunder Network
2014-12-13 10:34 - 2014-12-13 10:34 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
2014-12-13 10:33 - 2014-12-13 14:20 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-12-13 10:33 - 2014-12-13 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷
2014-12-13 10:32 - 2014-12-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2014-12-13 10:32 - 2014-12-13 10:35 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-12-13 10:28 - 2014-12-13 10:32 - 32010184 _____ (深圳市迅雷网络技术有限公司) C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
Task: {025A6CEF-C5AE-448C-8430-F0DA437902B9} - System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0C9F50CC-E1ED-4DB7-822D-5557292AC80B} - System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0D91EB19-AAB1-4274-8D64-1200DCC7A465} - System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {185E1C55-F5D1-48F6-AC26-FC3F4438B3EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001
Task: {21EBCB66-353E-4E1D-AE3F-2D12330C721C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {22854C27-DDEA-4088-A6FF-35D963A7EDF3} - System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE} - System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {3D7C4A06-AD25-4063-8F48-EF7F635906DD} - System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {469E4821-5767-48F5-85FD-9222334165A8} - System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {47F257D5-1098-42A9-BBFE-856B2FAD1054} - System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {5713371C-95A7-4917-ADED-232652F8C983} - System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7} - System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E} => pcalua.exe -a C:\Users\Rasuka\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {6EF09F29-7244-4BBF-94CE-D3FE3602FB51} - System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {749B25FB-5C8B-47A8-844C-B0F33197959E} - System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {8988B92E-0B73-44E3-9435-A8BEE01FC290} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E65973D-8B00-4AE0-BCDF-529573DEE661} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {A09EB468-DC96-47AC-95EB-C736B09E190D} - System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default
Task: {AA8E2498-F463-4421-B4B9-7ED3506F056A} - System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => pcalua.exe -a C:\Users\Rasuka\Downloads\t-engine-launcher.exe -d C:\Users\Rasuka\Downloads
Task: {AEC66460-48AF-4979-9C0F-660464DC180A} - System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => pcalua.exe -a "C:\Users\Rasuka\Downloads\Horns 2013\WMP x264 Codec Pack.exe" -d "C:\Users\Rasuka\Downloads\Horns 2013"
Task: {B8048D3B-84B0-400E-93D7-311832C64D8C} - System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => pcalua.exe -a "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs\overball-setup.exe" -d "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs"
Task: {C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB} - System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E} - System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => pcalua.exe -a "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe" -d "C:\Program Files (x86)\Reason\Should I Remove It\"
Task: {EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337} - System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {EE9D73D2-AA24-421B-A05C-C075CC325A5B} - System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {FAE7BE10-0F93-4D10-9C7E-4F150E028997} - System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => pcalua.exe -a "C:\Remote Programs\Azteca\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=529250;name=Azteca;dir=C:\Remote Programs\Azteca\;prvid=143;cmdid=1;prvdir=Default
Task: {FEE02C20-EAE0-4317-9099-9B4E19D328C0} - System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => Key deleted successfully.
"HKCR\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => Key deleted successfully.
C:\Program Files\Common Files\Thunder Network => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ· => Moved successfully.
C:\Users\Public\Thunder Network => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷 => Moved successfully.
C:\Program Files (x86)\Thunder Network => Moved successfully.
C:\ProgramData\Thunder Network => Moved successfully.
C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AmIcoSinglun64 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BlueStacks Agent => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Aimersoft Helper Compact.exe => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DelaypluginInstall => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ContentTransferWMDetector.exe => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{025A6CEF-C5AE-448C-8430-F0DA437902B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025A6CEF-C5AE-448C-8430-F0DA437902B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3BC409F-9772-4B6D-A738-4B8CD4912D11}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C9F50CC-E1ED-4DB7-822D-5557292AC80B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C9F50CC-E1ED-4DB7-822D-5557292AC80B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D91EB19-AAB1-4274-8D64-1200DCC7A465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D91EB19-AAB1-4274-8D64-1200DCC7A465}" => Key deleted successfully.
C:\Windows\System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{185E1C55-F5D1-48F6-AC26-FC3F4438B3EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{185E1C55-F5D1-48F6-AC26-FC3F4438B3EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21EBCB66-353E-4E1D-AE3F-2D12330C721C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21EBCB66-353E-4E1D-AE3F-2D12330C721C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Open URL by RoboForm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22854C27-DDEA-4088-A6FF-35D963A7EDF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22854C27-DDEA-4088-A6FF-35D963A7EDF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D7C4A06-AD25-4063-8F48-EF7F635906DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D7C4A06-AD25-4063-8F48-EF7F635906DD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{469E4821-5767-48F5-85FD-9222334165A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{469E4821-5767-48F5-85FD-9222334165A8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEA399DE-E27B-4EC5-914B-C87A23C3500F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47F257D5-1098-42A9-BBFE-856B2FAD1054}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F257D5-1098-42A9-BBFE-856B2FAD1054}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5713371C-95A7-4917-ADED-232652F8C983}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5713371C-95A7-4917-ADED-232652F8C983}" => Key deleted successfully.
C:\Windows\System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF09F29-7244-4BBF-94CE-D3FE3602FB51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF09F29-7244-4BBF-94CE-D3FE3602FB51}" => Key deleted successfully.
C:\Windows\System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45EA421A-51C9-4779-BABF-8240F25648FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{749B25FB-5C8B-47A8-844C-B0F33197959E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{749B25FB-5C8B-47A8-844C-B0F33197959E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8988B92E-0B73-44E3-9435-A8BEE01FC290}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8988B92E-0B73-44E3-9435-A8BEE01FC290}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E65973D-8B00-4AE0-BCDF-529573DEE661}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E65973D-8B00-4AE0-BCDF-529573DEE661}" => Key deleted successfully.
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A09EB468-DC96-47AC-95EB-C736B09E190D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A09EB468-DC96-47AC-95EB-C736B09E190D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B3FD31A-46A5-418E-80F1-BCC52686A04A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA8E2498-F463-4421-B4B9-7ED3506F056A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8E2498-F463-4421-B4B9-7ED3506F056A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E233E265-7560-4FDF-88AD-B2514D009AD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEC66460-48AF-4979-9C0F-660464DC180A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEC66460-48AF-4979-9C0F-660464DC180A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB11BA80-79B8-4893-8223-A26E64A7486A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8048D3B-84B0-400E-93D7-311832C64D8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8048D3B-84B0-400E-93D7-311832C64D8C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8BA15FFB-045D-45EB-9020-A6C37C8646AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87E18A00-70D7-4E23-8C0E-A96BD4689162}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE9D73D2-AA24-421B-A05C-C075CC325A5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE9D73D2-AA24-421B-A05C-C075CC325A5B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F378FFE8-12D2-4B52-9FE5-ECED93D5AFED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F378FFE8-12D2-4B52-9FE5-ECED93D5AFED}" => Key deleted successfully.
C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAE7BE10-0F93-4D10-9C7E-4F150E028997}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAE7BE10-0F93-4D10-9C7E-4F150E028997}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEE02C20-EAE0-4317-9099-9B4E19D328C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEE02C20-EAE0-4317-9099-9B4E19D328C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E}" => Key deleted successfully.
EmptyTemp: => Removed 75.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:42:22 ====
 
Adware Log:-
 
# AdwCleaner v4.106 - Report created 31/12/2014 at 16:49:02
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rasuka - RASUKA-PC
# Running from : C:\Users\Rasuka\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Windows\Reimage.ini
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\Users\Rasuka\AppData\Local\CrashRpt
Folder Found : C:\Users\Rasuka\AppData\Roaming\speedypc software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\speedypc software
Key Found : HKLM\SOFTWARE\speedypc software
Key Found : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&co=TJ&userid=f3343465-5860-4fe2-82ba-fdea1cb2f4bf&sp=addr&q={searchTerms}&t=c0127&uid=8b345008
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [308 octets] - [21/12/2014 15:31:38]
AdwCleaner[R1].txt - [65296 octets] - [21/12/2014 15:34:37]
AdwCleaner[R2].txt - [1252 octets] - [21/12/2014 17:42:13]
AdwCleaner[R3].txt - [1380 octets] - [23/12/2014 19:38:51]
AdwCleaner[R4].txt - [815 octets] - [31/12/2014 16:14:30]
AdwCleaner[R5].txt - [2689 octets] - [31/12/2014 16:49:02]
AdwCleaner[S0].txt - [70226 octets] - [21/12/2014 15:44:28]
AdwCleaner[S1].txt - [1319 octets] - [21/12/2014 17:44:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [2870 octets] ##########

  • 0
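
A Fixlog like the one in the post above can be checked mechanically before moving on. The following is an added example, not part of the original thread and not FRST's own code: it parses the "Content of fixlist" block, derives the registry and file targets each Run: and Task: line should produce, and reports any that are missing or not reported as successful. The sample is a shortened excerpt of the log above; the ExampleTask entry and its GUID are constructed, and the target layout is an assumption inferred from this log only.

```python
import re
from collections import Counter

# Shortened Fixlog in the layout of the log posted above. The ExampleTask entry
# and its GUID are constructed to show the "missing" and "failed" cases.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleTask => C:\Example\example.exe
*****************

HKCR\Wow6432Node\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AmIcoSinglun64 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F378FFE8-12D2-4B52-9FE5-ECED93D5AFED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F378FFE8-12D2-4B52-9FE5-ECED93D5AFED}" => Key deleted successfully.
C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-2222-3333-4444-555555555555}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExampleTask" => Key not found.
==== End of Fixlog ====
'''

# "HKLM\...\Run: [name] =>", "HKLM-x32\...\Run: [name] =>", "HKU\<SID>\...\Run: [name] =>"
RUN_RE = re.compile(r'^(?P<root>HK[^\\]+(?:\\S-[\d-]+)?)\\\.\.\.\\Run: \[(?P<name>.+?)\] =>')
# "Task: {GUID} - System32\Tasks\<name>" with an optional " => command" tail
TASK_RE = re.compile(
    r'^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(?P<name>.+?)(?: => .*)?$')


def split_sections(text):
    """Return (fixlist lines, result lines), split on the two rows of asterisks."""
    lines = text.splitlines()
    marks = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {'*'}]
    if len(marks) < 2:
        raise ValueError('no "Content of fixlist" block delimited by asterisk rows')
    return lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]


def parse_results(lines):
    """Map each lower-cased result target to the outcome text after ' => '."""
    results = {}
    for line in lines:
        target, sep, outcome = line.partition(' => ')
        if sep:
            results[target.strip().strip('"').lower()] = outcome.strip()
    return results


def expected_suffixes(entry):
    """Lower-cased target suffixes that one fixlist line should yield in the results."""
    m = RUN_RE.match(entry)
    if m:
        wow = r'\wow6432node' if m['root'].endswith('-x32') else ''
        return [r'\software{}\microsoft\windows\currentversion\run\\{}'.format(
            wow, m['name'].lower())]
    m = TASK_RE.match(entry)
    if m:
        guid, name = m['guid'].lower(), m['name'].lower()
        return [r'\taskcache\tasks\{}'.format(guid),   # task definition key
                r'\system32\tasks\{}'.format(name),    # task file on disk
                r'\taskcache\tree\{}'.format(name)]    # task name in the tree
    return []  # directives and other entry types are not checked here


def reconcile(text):
    """Return (status tally, unresolved expectations, 'not found' result lines)."""
    fixlist, result_lines = split_sections(text)
    results = parse_results(result_lines)
    tally, problems = Counter(), []
    for entry in fixlist:
        for suffix in expected_suffixes(entry):
            outcome = next((o for t, o in results.items() if t.endswith(suffix)), None)
            if outcome is None:
                status = 'missing'          # no result line for this target
            elif outcome.lower().endswith('successfully.'):
                status = 'ok'
            else:
                status = 'failed'           # reported, but not as a success
            tally[status] += 1
            if status != 'ok':
                problems.append((status, suffix, outcome))
    notes = [(t, o) for t, o in results.items() if 'not found' in o.lower()]
    return tally, problems, notes


if __name__ == '__main__':
    tally, problems, notes = reconcile(SAMPLE_FIXLOG)
    print(dict(tally))
    for status, suffix, outcome in problems:
        print(status.upper(), suffix, '->', outcome)
```
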

#18
Rasuka

    Member

  • Topic Starter
  • 19 posts

Just a curious question: are there supposed to be 13 svchost.exe processes running? I ask just because that is how many I have running, and that just seems like a big number.


  • 0

#19
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.
 

Just a curious question: are there supposed to be 13 svchost.exe processes running? I ask just because that is how many I have running, and that just seems like a big number.

Everything is okay with that number, I have like 15 of them as well. It's normal, nothing to worry about.

I'm pretty sure that you will solve the CPU problem as I've told you what's going on - you just have too many programs running.

Let's move on.

 
Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the Scan button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the Clean button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S2].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S2].txt log content
  • FRST.txt log content
  • Addition.txt log content


#20
Rasuka


    Member

  • Topic Starter
  • Member
  • 19 posts

Hai :D Happy New Year :D

 

As requested here are the logs:-

 

JRT log:-

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rasuka on 01/01/2015 at 17:45:52.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ThunderNewTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ThunderNewTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ThunderNewTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ThunderNewTask_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\reimage.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Rasuka\AppData\Roaming\speedypc software"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Rasuka\AppData\Roaming\mozilla\firefox\profiles\qsbpguso.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/01/2015 at 19:40:27.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner log:-

 

# AdwCleaner v4.106 - Report created 01/01/2015 at 20:10:10
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rasuka - RASUKA-PC
# Running from : C:\Users\Rasuka\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Rasuka\AppData\Local\CrashRpt
File Deleted : C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&co=TJ&userid=f3343465-5860-4fe2-82ba-fdea1cb2f4bf&sp=addr&q={searchTerms}&t=c0127&uid=8b345008
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [308 octets] - [21/12/2014 15:31:38]
AdwCleaner[R1].txt - [65296 octets] - [21/12/2014 15:34:37]
AdwCleaner[R2].txt - [1252 octets] - [21/12/2014 17:42:13]
AdwCleaner[R3].txt - [1380 octets] - [23/12/2014 19:38:51]
AdwCleaner[R4].txt - [815 octets] - [31/12/2014 16:14:30]
AdwCleaner[R5].txt - [2958 octets] - [31/12/2014 16:49:02]
AdwCleaner[R6].txt - [2866 octets] - [01/01/2015 19:45:38]
AdwCleaner[S0].txt - [70226 octets] - [21/12/2014 15:44:28]
AdwCleaner[S1].txt - [1319 octets] - [21/12/2014 17:44:00]
AdwCleaner[S2].txt - [2752 octets] - [01/01/2015 20:10:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2812 octets] ##########
 

FRST log:-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Rasuka (administrator) on RASUKA-PC on 01-01-2015 20:20:26
Running from C:\Users\Rasuka\Desktop
Loaded Profile: Rasuka (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 19:40 - 2015-01-01 19:40 - 00001426 _____ () C:\Users\Rasuka\Desktop\JRT.txt
2015-01-01 17:42 - 2015-01-01 17:43 - 01707939 _____ (Thisisu) C:\Users\Rasuka\Desktop\JRT.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-31 16:07 - 2014-12-31 16:07 - 02173952 _____ () C:\Users\Rasuka\Desktop\AdwCleaner.exe
2014-12-31 14:25 - 2014-12-31 14:25 - 00002978 _____ () C:\Windows\SysWOW64\rsslogs.20141231090416
2014-12-31 09:05 - 2014-12-31 09:05 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-31 09:05 - 2014-12-31 09:05 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-30 11:21 - 2014-12-30 11:21 - 00305496 _____ () C:\Windows\Minidump\123014-57002-01.dmp
2014-12-29 22:08 - 2014-12-30 18:40 - 00047884 _____ () C:\Users\Rasuka\Desktop\Addition.txt
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2014-12-28 15:41 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2015-01-01 20:32 - 00036788 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2014-12-28 15:41 - 02123264 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2015-01-01 20:26 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2015-01-01 20:13 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2015-01-01 20:13 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-31 16:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:36 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\Downloads\tdsskiller
2014-12-23 20:36 - 2014-12-23 20:37 - 05198336 _____ (AVAST Software) C:\Users\Rasuka\Downloads\aswMBR.exe
2014-12-23 20:35 - 2014-12-23 20:35 - 04166770 _____ () C:\Users\Rasuka\Downloads\tdsskiller.zip
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2014-12-31 19:12 - 00212480 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:09 - 2014-12-21 22:09 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:59 - 2014-12-21 18:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Rasuka\Downloads\HitmanPro_x64.exe
2014-12-21 18:41 - 2014-12-30 11:21 - 1091069408 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:29 - 2014-12-22 09:07 - 00001424 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 18:26 - 2015-01-01 20:11 - 00036390 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2015-01-01 20:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2015-01-01 20:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:16 - 2015-01-01 20:26 - 00787986 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2015-01-01 20:12 - 00002683 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2015-01-01 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:30 - 2014-12-21 15:30 - 02173952 _____ () C:\Users\Rasuka\Downloads\AdwCleaner.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 01707646 _____ (Thisisu) C:\Users\Rasuka\Downloads\JRT.exe
2014-12-21 15:20 - 2014-12-21 15:21 - 124144376 _____ (Microsoft Corporation) C:\Users\Rasuka\Downloads\msert.exe
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-15 20:50 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Rasuka\衝上雲霄
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 18:52 - 2014-12-03 18:52 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 11:32 - 2014-12-02 11:32 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141202105225
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 20:38 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 20:33 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2015-01-01 20:32 - 2014-11-01 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 20:22 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:22 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:21 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 20:17 - 2012-08-26 00:23 - 00010230 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-01 20:15 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-01 20:13 - 2012-10-03 23:07 - 03401516 _____ () C:\FaceProv.log
2015-01-01 20:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 17:55 - 2014-10-12 07:15 - 00001939 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2014-12-31 16:28 - 2012-09-06 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-31 15:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-31 15:38 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-31 14:32 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-31 14:30 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 18:04 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2014-12-30 16:49 - 2012-08-26 08:05 - 00000000 ____D () C:\ProgramData\RegCure
2014-12-30 11:21 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-28 13:41 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 20:23 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:27 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 16:12 - 2013-03-18 10:45 - 00000000 ____D () C:\Users\Rasuka\New folder (3)
2014-12-22 15:59 - 2014-11-14 16:07 - 00000000 ____D () C:\Users\Rasuka\Downloads\Flockers-FLT
2014-12-22 15:42 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2014-12-22 09:07 - 2012-08-25 23:50 - 00001418 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 21:40 - 2013-06-10 13:48 - 00000000 ____D () C:\Users\Rasuka\New folder (4)
2014-12-17 18:41 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2014-12-14 15:01 - 2012-08-28 21:34 - 00000000 ____D () C:\Users\Rasuka\Documents\Youcam
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-03 18:52 - 2014-11-01 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:52 - 2014-11-01 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-02 14:56 - 2014-05-09 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-12-02 14:55 - 2014-05-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
 
Some content of TEMP:
====================
C:\Users\Rasuka\AppData\Local\Temp\Quarantine.exe
C:\Users\Rasuka\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================
 

Addition log:-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Rasuka at 2015-01-01 20:39:41
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version:  - )
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version:  - Paradox Interactive)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version:  - )
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
28-12-2014 13:57:36 Removed Realtek Ethernet Controller All-In-One Windows Driver
29-12-2014 15:50:24 Restore Point Created by FRST
31-12-2014 09:30:26 Windows Update
31-12-2014 15:31:04 Restore Point Created by FRST
31-12-2014 15:52:40 Removed Sophos Virus Removal Tool.
31-12-2014 15:58:27 Removed Sophos Virus Removal Tool.
31-12-2014 16:16:32 Removed Java 7 Update 67
31-12-2014 16:29:36 Removed Java 8 Update 25
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {1FC430EA-1EE2-40D0-850B-20A8323EFAD7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {78B52EEF-1E5D-4ABE-A477-EE8A943C19B3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {AC59EACA-2A72-4191-9A45-F045EE04BEE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: {E9A7A0DE-8CB0-4F53-B425-4953EB99B396} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2013-07-12 16:55 - 2011-08-11 09:18 - 00413696 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll
2013-07-12 16:55 - 2011-08-26 10:55 - 00294912 _____ () C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-30 18:16 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2015 08:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/01/2015 08:17:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (01/01/2015 08:16:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (01/01/2015 08:13:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (01/01/2015 08:10:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2015 08:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 48%
Total physical RAM: 8053.2 MB
Available physical RAM: 4130.66 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 14679.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:114.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#21
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.
 

Happy New Year :D

Thanks, same to you :)

We're most likely going to end soon, just some more checks left.

 
Step #1
Malwarebytes Anti-Malware

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Malwarebytes Anti-Malware. We will need to download the latest version.
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content


#22
Rasuka

    Member

  • Topic Starter
  • 19 posts

I can't seem to locate the Malwarebytes Anti-Malware log, but it did remove 6 things.

 

As for the online scanner, it refused to scan; when I ran it regularly it took 12 hours to scan 3% of my computer, so I booted it in safe mode and this was the log:-

 

# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4d20e1dd73f3e34890e22e7b0a4709a5
# engine=21812
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-04 09:17:31
# local_time=2015-01-04 04:17:31 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5123 16777214 88 100 5675659 46710937 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 171949701 0 0
# scanned=375737
# found=19
# cleaned=0
# scan_time=17392
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=ECA4A5549FE7C1010C8CF82ADED0869445104113 ft=1 fh=6a94424ce7b3801f vn="a variant of Win32/MessengerPlus.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\yuna software\Messenger Plus!\Settings\Settings.exe.vir"
sh=5618C3AE61B19703110A173ACB7F4B1544C3347C ft=1 fh=c8c204d4690517c4 vn="a variant of MSIL/Adware.PullUpdate.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Activation Disabler.cmd"
sh=601676D488C3DD148410DDC7EB8785E1F52A8AD3 ft=1 fh=15cfdd310a9914b3 vn="a variant of Win32/HackTool.Crack.BB potentially unsafe application" ac=I fn="C:\Program Files (x86)\Disney Interactive Studios\Disney Epic Mickey 2\rld.dll"
sh=7398A9F5BEA2860C016145E8152198CFC0311869 ft=1 fh=c71c00119574698e vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll"
sh=541CFA0A0CFC4C28493B65FFDF934ABC172236FD ft=1 fh=abd058153dfcd00c vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\ProgramData\xTtqYNb\dat\TdolZgPEv.dll"
sh=BEFDCD39FCAA5DAC047C8510595D027197DD1451 ft=1 fh=eb5e33d8ec46aa5c vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Reactivate.exe.vir"
sh=DA1899D43F337394C891301B5D23A40D661F9862 ft=1 fh=bc85500575f63717 vn="Win32/Toolbar.Zugo.E potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir"
sh=DE25AF9466ABC0218682306B8CD4C5EA6A7D0DE9 ft=1 fh=26a24944a164baca vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir"
sh=4E85ED587BFE19EC609164091E154096E8BCCEFE ft=1 fh=039edbbf2a5d268c vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir"
sh=68699DB446B870EA53105A96999476B67317EFB7 ft=1 fh=1d21e89b4f50512a vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir"
sh=722A472368D8687E5A61141E23FB5D4E182EA3AF ft=1 fh=39ea45f45683aec6 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\$RECYCLE.BIN\S-1-5-21-1422646263-2310165737-2160699533-1001\$REWHK3N.dll"
sh=7398A9F5BEA2860C016145E8152198CFC0311869 ft=1 fh=c71c00119574698e vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll"
sh=541CFA0A0CFC4C28493B65FFDF934ABC172236FD ft=1 fh=abd058153dfcd00c vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Users\All Users\xTtqYNb\dat\TdolZgPEv.dll"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Rasuka\Adobe Master Collection CS4 key gen\Activation Disabler.cmd"
sh=006AC0EBA2A94658B41219E8221BF8D73651365C ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BU trojan" ac=I fn="C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7}\components\CallChannelManagerClass.js"
sh=722A472368D8687E5A61141E23FB5D4E182EA3AF ft=1 fh=39ea45f45683aec6 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Rasuka\New folder (2)\Mabinogi\Pleione.dll"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Rasuka\New folder (3)\Tangled\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
 
The security check log:-
 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#23
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

I've noticed that the following programs on your system have been obtained illegally:
  • Adobe Photoshop CS4
  • Disney Epic Mickey 2
This violates our Terms of Use:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.


You have two options now:
Option #1: Keep the illegally obtained software, which will result in stopping my help and closing this topic
Option #2: Remove the illegally obtained software and continue with cleaning your computer

It's your call. If you choose to remove that software, do so and then show me the new FRST scan using the following instructions:

FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.


#24
Rasuka

    Member

  • Topic Starter
  • 19 posts

Along with those two programs I also removed a bunch of other stuff, but I'm not sure if they are gone from my system. I did have some difficulty removing Photoshop CS4; if you still see traces of it please go ahead and remove it. Here are the logs you requested:-

 

FRST log:-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Rasuka (administrator) on RASUKA-PC on 06-01-2015 17:12:28
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Gretech Corp.) C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SohuVA] => "C:\Program Files (x86)\????\SHPlayer.exe" /auto
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2015-01-02] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => "C:\Users\Rasuka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del5288808] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del8716821] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} - No File
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {279560F9-9C70-4028-9C2D-E477D827903C} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {17AB2B29-6ACE-46AD-8F64-B68BE905FD42} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2FEA9F96-D83A-4CD2-A535-672FE43303CF} URL = http://websearch.ask...CB-3666E76F966D
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...1I7LENN_enCA498
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {70BA3E6B-1059-2266-0B2C-40E4A85231B8} URL = http://www.ddlstart....eferrer:source}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FF5D710C-5738-4FFF-9748-51E1CB0928F1}&mid=c7b73156215347d0b0f2d5343d3d5734-fed77a202c9cf31e9f193f7498c12a3171a40e6f&lang=en&ds=gm011&pr=sa&d=2013-03-26 08:02:34&v=15.0.0.2&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {341F4DAC-1966-47FF-AACF-0CE175F1498A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 18:38 - 2015-01-05 18:38 - 00347816 _____ (Microsoft Corporation) C:\Users\Rasuka\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.1343926744323502.1.2.Run.exe
2015-01-05 17:26 - 2015-01-05 16:55 - 06067608 ____N (Adobe System Incorporated.) C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe
2015-01-05 14:46 - 2015-01-05 14:46 - 00003116 _____ () C:\Windows\System32\Tasks\{688D4B71-E0BC-4A2B-AA28-D8DAAC274AFA}
2015-01-05 09:50 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-05 09:50 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-04 12:08 - 2015-01-04 12:08 - 00000179 _____ () C:\console.log
2015-01-04 12:06 - 2015-01-04 12:07 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\NexonLauncher
2015-01-04 12:06 - 2015-01-04 12:06 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NexonLauncher
2015-01-04 12:05 - 2015-01-04 12:07 - 00000000 ____D () C:\Program Files (x86)\Nexon
2015-01-04 11:16 - 2015-01-04 11:27 - 00000149 _____ () C:\Users\Rasuka\Desktop\ESET.url
2015-01-04 10:55 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-03 14:12 - 2015-01-03 14:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-03 13:44 - 2015-01-03 13:44 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-03 13:44 - 2015-01-03 13:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-03 13:44 - 2015-01-03 13:44 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-03 13:44 - 2015-01-03 13:44 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-03 13:44 - 2015-01-03 13:44 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-03 13:44 - 2015-01-03 13:44 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-03 13:44 - 2015-01-03 13:44 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-03 13:44 - 2015-01-03 13:44 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-03 13:44 - 2015-01-03 13:44 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-03 13:44 - 2015-01-03 13:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-03 13:44 - 2015-01-03 13:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-03 13:32 - 2015-01-03 13:46 - 00005719 _____ () C:\Windows\IE11_main.log
2015-01-03 12:58 - 2015-01-03 13:23 - 00006855 _____ () C:\Windows\IE10_main.log
2015-01-03 12:55 - 2015-01-03 12:56 - 02347384 _____ (ESET) C:\Users\Rasuka\Desktop\esetsmartinstaller_enu.exe
2015-01-03 12:25 - 2015-01-03 12:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-03 12:19 - 2015-01-03 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-03 11:36 - 2015-01-03 11:37 - 00852504 _____ () C:\Users\Rasuka\Desktop\SecurityCheck.exe
2015-01-03 11:33 - 2015-01-06 15:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 11:31 - 2015-01-03 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 11:30 - 2015-01-03 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 11:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 11:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 11:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-03 11:16 - 2015-01-03 11:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rasuka\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-01 19:40 - 2015-01-01 19:40 - 00001426 _____ () C:\Users\Rasuka\Desktop\JRT.txt
2015-01-01 17:42 - 2015-01-01 17:43 - 01707939 _____ (Thisisu) C:\Users\Rasuka\Desktop\JRT.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-31 16:07 - 2014-12-31 16:07 - 02173952 _____ () C:\Users\Rasuka\Desktop\AdwCleaner.exe
2014-12-31 14:25 - 2014-12-31 14:25 - 00002978 _____ () C:\Windows\SysWOW64\rsslogs.20141231090416
2014-12-31 09:05 - 2014-12-31 09:05 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-31 09:05 - 2014-12-31 09:05 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-30 11:21 - 2014-12-30 11:21 - 00305496 _____ () C:\Windows\Minidump\123014-57002-01.dmp
2014-12-29 22:08 - 2015-01-01 20:48 - 00036361 _____ () C:\Users\Rasuka\Desktop\Addition.txt
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2015-01-06 15:03 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2015-01-06 17:17 - 00041841 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2015-01-06 15:03 - 02123776 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2015-01-06 17:13 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2015-01-06 15:34 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2015-01-06 15:33 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-31 16:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2015-01-05 17:14 - 00212480 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:41 - 2014-12-30 11:21 - 1091069408 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:26 - 2015-01-04 16:30 - 00037642 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2015-01-06 16:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2015-01-06 15:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:16 - 2015-01-06 15:37 - 01292044 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2015-01-06 15:29 - 00003187 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2015-01-01 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 16:38 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 16:17 - 2012-05-30 18:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-06 15:40 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 15:40 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:40 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:36 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-06 15:33 - 2012-08-26 00:23 - 00006558 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-06 15:32 - 2012-10-03 23:07 - 03420344 _____ () C:\FaceProv.log
2015-01-06 15:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 15:05 - 2014-08-17 19:13 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Adobe
2015-01-06 13:53 - 2012-08-26 00:29 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Adobe
2015-01-05 18:54 - 2012-08-26 06:59 - 00000000 ____D () C:\MATS
2015-01-05 17:26 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2015-01-05 16:47 - 2009-07-13 23:45 - 06264856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-05 16:05 - 2012-08-25 23:50 - 00190960 _____ () C:\Users\Rasuka\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 15:57 - 2012-08-26 01:23 - 00000000 ____D () C:\Users\Rasuka\Documents\My Received Files
2015-01-05 15:50 - 2013-12-13 16:58 - 00000000 ____D () C:\Users\Rasuka\Documents\Fiesta
2015-01-05 15:45 - 2012-08-26 07:50 - 00000000 ____D () C:\Users\Rasuka\Documents\PSP Themes
2015-01-05 15:45 - 2012-08-26 07:49 - 00000000 ____D () C:\Users\Rasuka\Documents\Photoshop stuff
2015-01-05 15:21 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2015-01-05 15:20 - 2012-08-02 08:38 - 00000000 ____D () C:\Users\Rasuka\Documents\Mabinogi Stuff
2015-01-05 15:19 - 2012-08-26 08:36 - 00000000 ____D () C:\Users\Rasuka\Documents\Mabinogi
2015-01-05 15:15 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2015-01-05 15:10 - 2014-05-19 11:55 - 00000000 ____D () C:\Users\Rasuka\Downloads\花非花雾非雾电视剧原声音乐大碟
2015-01-05 15:10 - 2013-01-13 18:28 - 00000000 ____D () C:\Users\Rasuka\Downloads\步步惊心电视剧原声音乐大碟
2015-01-05 15:03 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2015-01-05 15:01 - 2013-10-24 20:05 - 00000000 ____D () C:\Users\Rasuka\Downloads\Bastion Original Soundtrack
2015-01-05 14:54 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2015-01-05 14:49 - 2012-08-26 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2015-01-05 14:49 - 2012-08-26 02:44 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2015-01-05 14:42 - 2013-01-06 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMusic! 2000
2015-01-05 14:36 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 14:25 - 2014-11-22 15:50 - 00000000 ____D () C:\Program Files\PXG
2015-01-05 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 12:31 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2015-01-04 11:57 - 2014-10-12 07:15 - 00001899 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2015-01-04 11:53 - 2013-04-12 17:13 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-04 11:53 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-03 14:06 - 2012-08-25 23:50 - 00001428 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 13:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-31 16:28 - 2012-09-06 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-31 15:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-31 15:38 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-31 14:32 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-30 16:49 - 2012-08-26 08:05 - 00000000 ____D () C:\ProgramData\RegCure
2014-12-30 11:21 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:27 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
 
Files to move or delete:
====================
C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe
 
 
Some content of TEMP:
====================
C:\Users\Rasuka\AppData\Local\Temp\NGM.exe
C:\Users\Rasuka\AppData\Local\Temp\NGMDll.dll
C:\Users\Rasuka\AppData\Local\Temp\NGMResource.dll
C:\Users\Rasuka\AppData\Local\Temp\Quarantine.exe
C:\Users\Rasuka\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================
 
Addition log:-
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Rasuka at 2015-01-06 17:20:57
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-01-2015 11:11:17 Windows Update
04-01-2015 16:57:59 Windows Update
05-01-2015 14:02:03 Removed Disney Interactive Studios
05-01-2015 14:25:43 Removed Hexic Deluxe
05-01-2015 18:50:08 Restore Point before Adobe Photoshop CS4 (64 Bit) was removed using Program Install and Uninstall troubleshooter
05-01-2015 19:20:57  Adobe Photoshop CS4 (64 Bit) 
05-01-2015 22:33:56 Windows Update
06-01-2015 14:50:43 Removed Adobe CMaps x64 CS4
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {1FC430EA-1EE2-40D0-850B-20A8323EFAD7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {2429CA2B-8272-4BE4-8FE9-0DB435A2F08A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {2BB90564-BEA8-429F-824D-5ED6803F2B2F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {78B52EEF-1E5D-4ABE-A477-EE8A943C19B3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {839E0079-7EE6-4F21-BF53-365453C11159} - System32\Tasks\{688D4B71-E0BC-4A2B-AA28-D8DAAC274AFA} => pcalua.exe -a C:\Windows\unvise32.exe -c C:\PrintMusic! 2000\uninstal.log
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-12 16:55 - 2011-08-11 09:18 - 00413696 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll
2013-07-12 16:55 - 2011-08-26 10:55 - 00294912 _____ () C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-05-30 18:16 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2014-01-30 22:28 - 2014-01-30 22:28 - 00421520 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll
2013-12-25 21:41 - 2013-12-25 21:41 - 00326144 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\avutil-gp-52.dll
2013-10-29 03:19 - 2013-10-29 03:19 - 07600128 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\avcodec-gp-55.dll
2014-02-24 22:17 - 2014-02-24 22:17 - 00407552 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\swscale-gp-2.dll
2014-06-15 21:22 - 2014-06-15 21:22 - 01154048 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\avformat-gp-55.dll
2014-09-26 04:03 - 2014-09-26 04:03 - 00121344 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\swresample-gp-0.dll
2014-04-20 23:34 - 2014-04-20 23:34 - 01193472 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\libass.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: CAPOSD => C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2015 03:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0x0000046b
Fault offset: 0x000000000000940d
Faulting process id: 0x14c0
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3
 
Error: (01/06/2015 03:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 03:07:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/06/2015 03:07:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/06/2015 02:54:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe CMaps x64 CS4 -- Please install Adobe CMaps x64 CS4 using Setup.exe
 
Error: (01/06/2015 09:13:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: IEFRAME.dll, version: 11.0.9600.17496, time stamp: 0x546fe9dd
Exception code: 0xc0000005
Fault offset: 0x00000000005b86fe
Faulting process id: 0x1918
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/05/2015 07:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: IEFRAME.dll, version: 11.0.9600.17496, time stamp: 0x546fe9dd
Exception code: 0xc0000005
Fault offset: 0x00000000005b86fe
Faulting process id: 0x1b30
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/05/2015 06:49:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Photoshop CS4 (64 Bit) -- Please install Adobe Photoshop CS4 (64 Bit) using Setup.exe
 
Error: (01/05/2015 05:34:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe
 
 
System errors:
=============
Error: (01/06/2015 03:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/06/2015 03:35:41 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (01/06/2015 03:34:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (01/06/2015 03:32:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (01/06/2015 03:29:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:24:56 PM on ‎06/‎01/‎2015 was unexpected.
 
Error: (01/06/2015 09:17:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (01/06/2015 09:16:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (01/06/2015 09:14:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
 
Error: (01/06/2015 09:13:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/05/2015 05:05:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/06/2015 03:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.184095315a05a0000046b000000000000940d14c001d029f06e441154C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll1f11d325-95e6-11e4-bbae-047d7bd9bec7
 
Error: (01/06/2015 03:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 03:07:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (01/06/2015 03:07:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (01/06/2015 02:54:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe CMaps x64 CS4 -- Please install Adobe CMaps x64 CS4 using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/06/2015 09:13:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97IEFRAME.dll11.0.9600.17496546fe9ddc000000500000000005b86fe191801d02949d47749cfC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dlla80316f1-9554-11e4-9f4d-047d7bd9bec7
 
Error: (01/05/2015 07:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97IEFRAME.dll11.0.9600.17496546fe9ddc000000500000000005b86fe1b3001d0293ce08f8036C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllfa68ac0c-953c-11e4-9f4d-047d7bd9bec7
 
Error: (01/05/2015 06:49:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Photoshop CS4 (64 Bit) -- Please install Adobe Photoshop CS4 (64 Bit) using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/05/2015 05:34:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 30%
Total physical RAM: 8053.2 MB
Available physical RAM: 5625.32 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 16961.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:263.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
Drive g: (My Book) (Fixed) (Total:3725.99 GB) (Free:834.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
 
==================== End Of Log ============================


#25
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

You haven't removed all the Photoshop stuff because it's hidden. The following fix will reveal it to you. After running the fix, please uninstall the rest.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   3.24KB   234 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Adobe Anchor Service x64 CS4
  • Adobe CMaps x64 CS4
  • Adobe CSI CS4 x64
  • Adobe Drive CS4 x64
  • Adobe InDesign CS4 Icon Handler x64
  • Adobe Linguistics CS4 x64
  • Adobe PDF Library Files x64 CS4
  • Adobe Photoshop CS4 (64 Bit)
  • Adobe Type Support x64 CS4
  • PDF Settings CS4
 
Step #3
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content



#26
Rasuka


    Member

  • Topic Starter
  • Member
  • 19 posts

Err, just a curious question: when I attempt to uninstall the CS4-related stuff, it's telling me to "please install Adobe (insert program name here) using setup.exe". Is it supposed to be doing that? It happens for all of the stuff that is now currently visible, so I'm wondering what's the next step I should take.


Edited by Rasuka, 07 January 2015 - 07:52 PM.


#27
Rasuka


    Member

  • Topic Starter
  • Member
  • 19 posts

On a side note, here's the fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Rasuka at 2015-01-07 19:55:58 Run:4
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del5288808] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del8716821] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {279560F9-9C70-4028-9C2D-E477D827903C} URL = 
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {341F4DAC-1966-47FF-AACF-0CE175F1498A} -  No File
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe
C:\Program Files (x86)\Disney Interactive Studios\Disney Epic Mickey 2
C:\Users\All Users\Microsoft\Secure
C:\Users\All Users\xTtqYNb
C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7}
C:\Users\Rasuka\New folder (2)\Mabinogi\Pleione.dll
C:\Users\Rasuka\New folder (3)\Tangled\Jaybob's_Movies_Toolbar_Internet Explorer.exe
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del5288808 => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del8716821 => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{341F4DAC-1966-47FF-AACF-0CE175F1498A} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{341F4DAC-1966-47FF-AACF-0CE175F1498A} => Key not found. 
C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822} => Moved successfully.
C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe => Moved successfully.
C:\Program Files (x86)\Disney Interactive Studios\Disney Epic Mickey 2 => Moved successfully.
C:\Users\All Users\Microsoft\Secure => Moved successfully.
C:\Users\All Users\xTtqYNb => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} => Moved successfully.
"C:\Users\Rasuka\New folder (2)\Mabinogi\Pleione.dll" => File/Directory not found.
"C:\Users\Rasuka\New folder (3)\Tangled\Jaybob's_Movies_Toolbar_Internet Explorer.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{887797BF-37A5-4199-B0C9-0D38D6196E9A}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90BA8112-80B3-4617-A3C1-BD2771B60F74}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3454894-144A-4D80-B605-C128FE0D7329}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8875A1C0-6308-4790-8CF6-D34E89880052}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}\\SystemComponent => value deleted successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:07:42 ====

  • 0
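
An added example, not part of the original posts and not FRST's own code: a short Python parser that groups the `=>` result lines of a Fixlog like the one above by outcome, while skipping the echoed fixlist block between the asterisk rows (which also contains `=>`). The sample log is constructed with placeholder IDs and paths; the function name and outcome labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Fixlog above (shortened, placeholder IDs).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKU\S-1-5-21-0000-1000\...\RunOnce: [DelExample] => cmd.exe /Q /D /c del "C:\Users\Example\AppData\Local\Temp\0.del" <===== ATTENTION
C:\Users\Example\missing.dll
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-0000-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DelExample => value deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
C:\Users\Example\tool.exe => Moved successfully.
"C:\Users\Example\missing.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-1111-1111-1111-111111111111}\\SystemComponent => value deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.
==== End of Fixlog 20:07:42 ====
'''

# Outcome labels are this example's own; patterns match the result wording in the log.
OUTCOMES = [
    ("not_found", re.compile(r"not found", re.I)),
    ("removed", re.compile(r"deleted successfully|moved successfully|^removed ", re.I)),
]

def summarize_fixlog(text):
    """Group result targets by outcome, ignoring the echoed fixlist block."""
    summary = defaultdict(list)
    in_fixlist = False
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_fixlist = not in_fixlist  # asterisk rows open and close the echo
            continue
        if in_fixlist or " => " not in line:
            continue  # fixlist directives and status lines carry no result
        target, result = line.rsplit(" => ", 1)
        label = next((name for name, rx in OUTCOMES if rx.search(result)), "other")
        summary[label].append(target.strip('"'))
    return dict(summary)

if __name__ == "__main__":
    for label, targets in summarize_fixlog(SAMPLE_FIXLOG).items():
        print(f"{label}: {len(targets)}")
        for t in targets:
            print("   ", t)
```

The `not_found` group is the one to read first: those fixlist entries matched nothing on disk or in the registry when the fix ran.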

#28
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

Please, try the following to get rid of the Adobe CS4:
  • Download the Adobe CS4 Clean Script and unzip it
  • Right click CS4InstallerDatabaseUtility.exe and select Run As Administrator
  • Follow the on-screen prompt to complete the script. Once the script completes press Enter
  • Restart your system
 
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

#29
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Per the PM sent by the OP this topic will be closed as resolved...

#30
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.