Hi, Happy New Year.
As requested, here are the logs:-
JRT log:-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rasuka on 01/01/2015 at 17:45:52.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ThunderNewTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ThunderNewTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ThunderNewTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ThunderNewTask_RASMANCS
~~~ Files
Successfully deleted: [File] "C:\Windows\reimage.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Rasuka\AppData\Roaming\speedypc software"
~~~ FireFox
Emptied folder: C:\Users\Rasuka\AppData\Roaming\mozilla\firefox\profiles\qsbpguso.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/01/2015 at 19:40:27.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner log:-
# AdwCleaner v4.106 - Report created 01/01/2015 at 20:10:10
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rasuka - RASUKA-PC
# Running from : C:\Users\Rasuka\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Rasuka\AppData\Local\CrashRpt
File Deleted : C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
-\\ Google Chrome v39.0.2171.95
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&co=TJ&userid=f3343465-5860-4fe2-82ba-fdea1cb2f4bf&sp=addr&q={searchTerms}&t=c0127&uid=8b345008
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [308 octets] - [21/12/2014 15:31:38]
AdwCleaner[R1].txt - [65296 octets] - [21/12/2014 15:34:37]
AdwCleaner[R2].txt - [1252 octets] - [21/12/2014 17:42:13]
AdwCleaner[R3].txt - [1380 octets] - [23/12/2014 19:38:51]
AdwCleaner[R4].txt - [815 octets] - [31/12/2014 16:14:30]
AdwCleaner[R5].txt - [2958 octets] - [31/12/2014 16:49:02]
AdwCleaner[R6].txt - [2866 octets] - [01/01/2015 19:45:38]
AdwCleaner[S0].txt - [70226 octets] - [21/12/2014 15:44:28]
AdwCleaner[S1].txt - [1319 octets] - [21/12/2014 17:44:00]
AdwCleaner[S2].txt - [2752 octets] - [01/01/2015 20:10:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2812 octets] ##########
FRST log:-
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Rasuka (administrator) on RASUKA-PC on 01-01-2015 20:20:26
Running from C:\Users\Rasuka\Desktop
Loaded Profile: Rasuka (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-01 19:40 - 2015-01-01 19:40 - 00001426 _____ () C:\Users\Rasuka\Desktop\JRT.txt
2015-01-01 17:42 - 2015-01-01 17:43 - 01707939 _____ (Thisisu) C:\Users\Rasuka\Desktop\JRT.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-31 16:07 - 2014-12-31 16:07 - 02173952 _____ () C:\Users\Rasuka\Desktop\AdwCleaner.exe
2014-12-31 14:25 - 2014-12-31 14:25 - 00002978 _____ () C:\Windows\SysWOW64\rsslogs.20141231090416
2014-12-31 09:05 - 2014-12-31 09:05 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-31 09:05 - 2014-12-31 09:05 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-30 11:21 - 2014-12-30 11:21 - 00305496 _____ () C:\Windows\Minidump\123014-57002-01.dmp
2014-12-29 22:08 - 2014-12-30 18:40 - 00047884 _____ () C:\Users\Rasuka\Desktop\Addition.txt
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2014-12-28 15:41 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2015-01-01 20:32 - 00036788 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2014-12-28 15:41 - 02123264 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2015-01-01 20:26 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2015-01-01 20:13 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2015-01-01 20:13 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-31 16:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:36 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\Downloads\tdsskiller
2014-12-23 20:36 - 2014-12-23 20:37 - 05198336 _____ (AVAST Software) C:\Users\Rasuka\Downloads\aswMBR.exe
2014-12-23 20:35 - 2014-12-23 20:35 - 04166770 _____ () C:\Users\Rasuka\Downloads\tdsskiller.zip
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2014-12-31 19:12 - 00212480 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:09 - 2014-12-21 22:09 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:59 - 2014-12-21 18:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Rasuka\Downloads\HitmanPro_x64.exe
2014-12-21 18:41 - 2014-12-30 11:21 - 1091069408 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:29 - 2014-12-22 09:07 - 00001424 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 18:26 - 2015-01-01 20:11 - 00036390 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2015-01-01 20:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2015-01-01 20:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:16 - 2015-01-01 20:26 - 00787986 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2015-01-01 20:12 - 00002683 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2015-01-01 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:30 - 2014-12-21 15:30 - 02173952 _____ () C:\Users\Rasuka\Downloads\AdwCleaner.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 01707646 _____ (Thisisu) C:\Users\Rasuka\Downloads\JRT.exe
2014-12-21 15:20 - 2014-12-21 15:21 - 124144376 _____ (Microsoft Corporation) C:\Users\Rasuka\Downloads\msert.exe
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-15 20:50 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Rasuka\衝上雲霄
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 18:52 - 2014-12-03 18:52 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 11:32 - 2014-12-02 11:32 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141202105225
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-01 20:38 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 20:33 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2015-01-01 20:32 - 2014-11-01 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 20:22 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:22 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:21 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 20:17 - 2012-08-26 00:23 - 00010230 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-01 20:15 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-01 20:13 - 2012-10-03 23:07 - 03401516 _____ () C:\FaceProv.log
2015-01-01 20:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 17:55 - 2014-10-12 07:15 - 00001939 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2014-12-31 16:28 - 2012-09-06 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-31 15:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-31 15:38 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-31 14:32 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-31 14:30 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 18:04 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2014-12-30 16:49 - 2012-08-26 08:05 - 00000000 ____D () C:\ProgramData\RegCure
2014-12-30 11:21 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-28 13:41 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 20:23 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:27 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 16:12 - 2013-03-18 10:45 - 00000000 ____D () C:\Users\Rasuka\New folder (3)
2014-12-22 15:59 - 2014-11-14 16:07 - 00000000 ____D () C:\Users\Rasuka\Downloads\Flockers-FLT
2014-12-22 15:42 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2014-12-22 09:07 - 2012-08-25 23:50 - 00001418 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 21:40 - 2013-06-10 13:48 - 00000000 ____D () C:\Users\Rasuka\New folder (4)
2014-12-17 18:41 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2014-12-14 15:01 - 2012-08-28 21:34 - 00000000 ____D () C:\Users\Rasuka\Documents\Youcam
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-03 18:52 - 2014-11-01 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:52 - 2014-11-01 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-02 14:56 - 2014-05-09 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-12-02 14:55 - 2014-05-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
Some content of TEMP:
====================
C:\Users\Rasuka\AppData\Local\Temp\Quarantine.exe
C:\Users\Rasuka\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-27 17:11
==================== End Of Log ============================
Addition log:-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Rasuka at 2015-01-01 20:39:41
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version: - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version: - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version: - )
Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version: - )
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version: - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version: - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version: - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version: - Spicyhorse Games)
Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version: - Paradox Interactive)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version: - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version: - )
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version: - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version: - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version: - Reflexive Entertainment, Inc.)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version: - Visiv)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version: - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version: - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version: - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version: - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version: - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Restore Points =========================
28-12-2014 13:57:36 Removed Realtek Ethernet Controller All-In-One Windows Driver
29-12-2014 15:50:24 Restore Point Created by FRST
31-12-2014 09:30:26 Windows Update
31-12-2014 15:31:04 Restore Point Created by FRST
31-12-2014 15:52:40 Removed Sophos Virus Removal Tool.
31-12-2014 15:58:27 Removed Sophos Virus Removal Tool.
31-12-2014 16:16:32 Removed Java 7 Update 67
31-12-2014 16:29:36 Removed Java 8 Update 25
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {1FC430EA-1EE2-40D0-850B-20A8323EFAD7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {78B52EEF-1E5D-4ABE-A477-EE8A943C19B3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {AC59EACA-2A72-4191-9A45-F045EE04BEE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: {E9A7A0DE-8CB0-4F53-B425-4953EB99B396} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
==================== Loaded Modules (whitelisted) =============
2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2013-07-12 16:55 - 2011-08-11 09:18 - 00413696 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll
2013-07-12 16:55 - 2011-08-26 10:55 - 00294912 _____ () C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-30 18:16 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
==================== Faulty Device Manager Devices =============
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/01/2015 08:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/01/2015 08:17:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (01/01/2015 08:16:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (01/01/2015 08:13:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (01/01/2015 08:10:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (01/01/2015 08:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel® Core i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 48%
Total physical RAM: 8053.2 MB
Available physical RAM: 4130.66 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 14679.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:114.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================