Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 multiple error msg - Module failed to load [Solved]


  • This topic is locked This topic is locked

#16
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

It looks like your problem with CPU isn't related with malware. As I can see from your Task Manager, your system runs over 120 processes, which is an enormous number (I have 62 now, for example).
I will sweep off some unnecessary startups and tasks from your system, should help a bit.

You could also visit your uninstall list and remove programs you don't use anymore.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   15.32KB   143 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Disable your Antivirus program
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click qKMbAXQ.png button. A Notepad window will be opened
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • AdwCleaner log content
  • Please tell me if disabling and uninstalling programs helped with your CPU problem

  • 0

Advertisements


#17
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

It's a little faster than it was once it started running but from what I can see even after closing some processes it is still running at 95% CPU I will figure out what is causing the massive CPU usage. The videos seem to also be running better than it was so it is a plus :D

 

Here are the logs you requested:-

 

Fixlog:-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Rasuka at 2014-12-31 15:30:49 Run:3
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.82.(752).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} =>  No File
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
2014-12-13 10:35 - 2014-12-14 22:02 - 00000000 ____D () C:\Program Files\Common Files\Thunder Network
2014-12-13 10:34 - 2014-12-13 10:34 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ·
2014-12-13 10:33 - 2014-12-13 14:20 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-12-13 10:33 - 2014-12-13 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷
2014-12-13 10:32 - 2014-12-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2014-12-13 10:32 - 2014-12-13 10:35 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-12-13 10:28 - 2014-12-13 10:32 - 32010184 _____ (深圳市迅雷网络技术有限公司) C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rasuka\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2014-12-19] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
Task: {025A6CEF-C5AE-448C-8430-F0DA437902B9} - System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0C9F50CC-E1ED-4DB7-822D-5557292AC80B} - System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {0D91EB19-AAB1-4274-8D64-1200DCC7A465} - System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {185E1C55-F5D1-48F6-AC26-FC3F4438B3EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001
Task: {21EBCB66-353E-4E1D-AE3F-2D12330C721C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {22854C27-DDEA-4088-A6FF-35D963A7EDF3} - System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE} - System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {3D7C4A06-AD25-4063-8F48-EF7F635906DD} - System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {469E4821-5767-48F5-85FD-9222334165A8} - System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {47F257D5-1098-42A9-BBFE-856B2FAD1054} - System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {5713371C-95A7-4917-ADED-232652F8C983} - System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7} - System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E} => pcalua.exe -a C:\Users\Rasuka\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {6EF09F29-7244-4BBF-94CE-D3FE3602FB51} - System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {749B25FB-5C8B-47A8-844C-B0F33197959E} - System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {8988B92E-0B73-44E3-9435-A8BEE01FC290} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E65973D-8B00-4AE0-BCDF-529573DEE661} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {A09EB468-DC96-47AC-95EB-C736B09E190D} - System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default
Task: {AA8E2498-F463-4421-B4B9-7ED3506F056A} - System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => pcalua.exe -a C:\Users\Rasuka\Downloads\t-engine-launcher.exe -d C:\Users\Rasuka\Downloads
Task: {AEC66460-48AF-4979-9C0F-660464DC180A} - System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => pcalua.exe -a "C:\Users\Rasuka\Downloads\Horns 2013\WMP x264 Codec Pack.exe" -d "C:\Users\Rasuka\Downloads\Horns 2013"
Task: {B8048D3B-84B0-400E-93D7-311832C64D8C} - System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => pcalua.exe -a "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs\overball-setup.exe" -d "C:\Users\Rasuka\Documents\Mabinogi Stuff\Music Creator Stuff\Songs"
Task: {C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB} - System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E} - System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => pcalua.exe -a "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe" -d "C:\Program Files (x86)\Reason\Should I Remove It\"
Task: {EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337} - System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => pcalua.exe -a "C:\Program Files (x86)\Thunder Network\Thunder\ThunderUninstall.exe"
Task: {EE9D73D2-AA24-421B-A05C-C075CC325A5B} - System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Iexplore.exe http://ui.skype.com/...;LastError=1603
Task: {F378FFE8-12D2-4B52-9FE5-ECED93D5AFED} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {FAE7BE10-0F93-4D10-9C7E-4F150E028997} - System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => pcalua.exe -a "C:\Remote Programs\Azteca\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=529250;name=Azteca;dir=C:\Remote Programs\Azteca\;prvid=143;cmdid=1;prvdir=Default
Task: {FEE02C20-EAE0-4317-9099-9B4E19D328C0} - System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => Key deleted successfully.
"HKCR\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AAADesktopTips" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => Key deleted successfully.
C:\Program Files\Common Files\Thunder Network => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\ѸÀ×ÓÎÏ· => Moved successfully.
C:\Users\Public\Thunder Network => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷 => Moved successfully.
C:\Program Files (x86)\Thunder Network => Moved successfully.
C:\ProgramData\Thunder Network => Moved successfully.
C:\Users\Rasuka\Downloads\Thunder_dl_7.9.30.4860.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AmIcoSinglun64 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BlueStacks Agent => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Aimersoft Helper Compact.exe => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DelaypluginInstall => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ContentTransferWMDetector.exe => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{025A6CEF-C5AE-448C-8430-F0DA437902B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025A6CEF-C5AE-448C-8430-F0DA437902B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F3BC409F-9772-4B6D-A738-4B8CD4912D11} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3BC409F-9772-4B6D-A738-4B8CD4912D11}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C9F50CC-E1ED-4DB7-822D-5557292AC80B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C9F50CC-E1ED-4DB7-822D-5557292AC80B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEE8E489-4C4C-4BCB-BDB5-227194F09DCF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D91EB19-AAB1-4274-8D64-1200DCC7A465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D91EB19-AAB1-4274-8D64-1200DCC7A465}" => Key deleted successfully.
C:\Windows\System32\Tasks\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{823FE0E4-B8C5-4B7C-A54E-C46D2DBD4573}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{185E1C55-F5D1-48F6-AC26-FC3F4438B3EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{185E1C55-F5D1-48F6-AC26-FC3F4438B3EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-1422646263-2310165737-2160699533-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21EBCB66-353E-4E1D-AE3F-2D12330C721C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21EBCB66-353E-4E1D-AE3F-2D12330C721C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Open URL by RoboForm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22854C27-DDEA-4088-A6FF-35D963A7EDF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22854C27-DDEA-4088-A6FF-35D963A7EDF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5BFC2D6-BDAB-40AE-9DEF-4DC68F2F500F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A2FEAEB-FFF7-4095-BD71-F985AEBAD5DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D12BF48A-CC03-43AB-9EC3-99FED05B2D7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D7C4A06-AD25-4063-8F48-EF7F635906DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D7C4A06-AD25-4063-8F48-EF7F635906DD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5CC5A64-52CF-4623-B2C7-562AFE7CA212}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{469E4821-5767-48F5-85FD-9222334165A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{469E4821-5767-48F5-85FD-9222334165A8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CEA399DE-E27B-4EC5-914B-C87A23C3500F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEA399DE-E27B-4EC5-914B-C87A23C3500F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47F257D5-1098-42A9-BBFE-856B2FAD1054}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F257D5-1098-42A9-BBFE-856B2FAD1054}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A70A94C-0F7F-4C71-A6B8-46E26D6B249B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5713371C-95A7-4917-ADED-232652F8C983}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5713371C-95A7-4917-ADED-232652F8C983}" => Key deleted successfully.
C:\Windows\System32\Tasks\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{724FF4FC-7D91-454A-8AB7-9EAE5EF40960}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B6E992A-10E7-4E7B-8C4F-F05FC2F376B7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BA1A2CC-ADC2-4769-9128-7D1F9D21A55E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF09F29-7244-4BBF-94CE-D3FE3602FB51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF09F29-7244-4BBF-94CE-D3FE3602FB51}" => Key deleted successfully.
C:\Windows\System32\Tasks\{45EA421A-51C9-4779-BABF-8240F25648FD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45EA421A-51C9-4779-BABF-8240F25648FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{749B25FB-5C8B-47A8-844C-B0F33197959E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{749B25FB-5C8B-47A8-844C-B0F33197959E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF3BA0B8-F3B1-435C-B6AF-C7D4A4F46508}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8988B92E-0B73-44E3-9435-A8BEE01FC290}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8988B92E-0B73-44E3-9435-A8BEE01FC290}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E65973D-8B00-4AE0-BCDF-529573DEE661}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E65973D-8B00-4AE0-BCDF-529573DEE661}" => Key deleted successfully.
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A09EB468-DC96-47AC-95EB-C736B09E190D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A09EB468-DC96-47AC-95EB-C736B09E190D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3B3FD31A-46A5-418E-80F1-BCC52686A04A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B3FD31A-46A5-418E-80F1-BCC52686A04A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA8E2498-F463-4421-B4B9-7ED3506F056A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8E2498-F463-4421-B4B9-7ED3506F056A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E233E265-7560-4FDF-88AD-B2514D009AD1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E233E265-7560-4FDF-88AD-B2514D009AD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEC66460-48AF-4979-9C0F-660464DC180A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEC66460-48AF-4979-9C0F-660464DC180A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BB11BA80-79B8-4893-8223-A26E64A7486A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB11BA80-79B8-4893-8223-A26E64A7486A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8048D3B-84B0-400E-93D7-311832C64D8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8048D3B-84B0-400E-93D7-311832C64D8C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8BA15FFB-045D-45EB-9020-A6C37C8646AE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8BA15FFB-045D-45EB-9020-A6C37C8646AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C632E5A5-C9EF-4CE7-A1C7-0D63D0B50AEB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{87E18A00-70D7-4E23-8C0E-A96BD4689162} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87E18A00-70D7-4E23-8C0E-A96BD4689162}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E70CDEF9-7D08-4A58-ACCA-D1B5BA65651E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BA0D7B23-D099-401C-A2AA-E0DD6CB74988}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAEEF2C9-DD4B-4BDE-8DD3-6E4C76426337}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F8A993B-87CA-4A65-8830-DB3AC8EE837C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE9D73D2-AA24-421B-A05C-C075CC325A5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE9D73D2-AA24-421B-A05C-C075CC325A5B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4EF5DBBA-8C36-4DF5-BB7E-0DFC7D116955}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F378FFE8-12D2-4B52-9FE5-ECED93D5AFED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F378FFE8-12D2-4B52-9FE5-ECED93D5AFED}" => Key deleted successfully.
C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAE7BE10-0F93-4D10-9C7E-4F150E028997}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAE7BE10-0F93-4D10-9C7E-4F150E028997}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A51568A-7C5C-433B-A3C3-21CFEAD0EBEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEE02C20-EAE0-4317-9099-9B4E19D328C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEE02C20-EAE0-4317-9099-9B4E19D328C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C7CAA15D-063A-45B7-BAF2-FC8F6EF10B5E}" => Key deleted successfully.
EmptyTemp: => Removed 75.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:42:22 ====
 
Adware Log:-
 
# AdwCleaner v4.106 - Report created 31/12/2014 at 16:49:02
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rasuka - RASUKA-PC
# Running from : C:\Users\Rasuka\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Windows\Reimage.ini
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\Users\Rasuka\AppData\Local\CrashRpt
Folder Found : C:\Users\Rasuka\AppData\Roaming\speedypc software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\speedypc software
Key Found : HKLM\SOFTWARE\speedypc software
Key Found : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&co=TJ&userid=f3343465-5860-4fe2-82ba-fdea1cb2f4bf&sp=addr&q={searchTerms}&t=c0127&uid=8b345008
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [308 octets] - [21/12/2014 15:31:38]
AdwCleaner[R1].txt - [65296 octets] - [21/12/2014 15:34:37]
AdwCleaner[R2].txt - [1252 octets] - [21/12/2014 17:42:13]
AdwCleaner[R3].txt - [1380 octets] - [23/12/2014 19:38:51]
AdwCleaner[R4].txt - [815 octets] - [31/12/2014 16:14:30]
AdwCleaner[R5].txt - [2689 octets] - [31/12/2014 16:49:02]
AdwCleaner[S0].txt - [70226 octets] - [21/12/2014 15:44:28]
AdwCleaner[S1].txt - [1319 octets] - [21/12/2014 17:44:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [2870 octets] ##########

  • 0

#18
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

just a curious question is there supposed to be 13 svchost.exe processes running just because that is how many I have running and that just seems like a big number


  • 0

#19
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.
 

just a curious question is there supposed to be 13 svchost.exe processes running just because that is how many I have running and that just seems like a big number

Everything is okay with that number, I have like 15 of them as well. It's normal, nothing to worry about.

I'm pretty sure that you will solve the CPU problem as I've told you what's going on - you just have too many programs running.

Let's move on.

 
Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click p2tBmrU.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S2].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S2].txt log content
  • FRST.txt log content
  • Addition.txt log content

  • 0

#20
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hai :D Happy New Year :D

 

As requested here are the logs:-

 

JRT log:-

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rasuka on 01/01/2015 at 17:45:52.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ThunderNewTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ThunderNewTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ThunderNewTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ThunderNewTask_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\reimage.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Rasuka\AppData\Roaming\speedypc software"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Rasuka\AppData\Roaming\mozilla\firefox\profiles\qsbpguso.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/01/2015 at 19:40:27.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner log:-

 

# AdwCleaner v4.106 - Report created 01/01/2015 at 20:10:10
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rasuka - RASUKA-PC
# Running from : C:\Users\Rasuka\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Rasuka\AppData\Local\CrashRpt
File Deleted : C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M3B560494-7A45-4B99-BB77-62634285F0E4&SearchSource=58&CUI=&UM=5&UP=SPECF79270-BBCD-490B-93CD-EC21209C68A8&q={searchTerms}&SSPV=
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&co=TJ&userid=f3343465-5860-4fe2-82ba-fdea1cb2f4bf&sp=addr&q={searchTerms}&t=c0127&uid=8b345008
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [308 octets] - [21/12/2014 15:31:38]
AdwCleaner[R1].txt - [65296 octets] - [21/12/2014 15:34:37]
AdwCleaner[R2].txt - [1252 octets] - [21/12/2014 17:42:13]
AdwCleaner[R3].txt - [1380 octets] - [23/12/2014 19:38:51]
AdwCleaner[R4].txt - [815 octets] - [31/12/2014 16:14:30]
AdwCleaner[R5].txt - [2958 octets] - [31/12/2014 16:49:02]
AdwCleaner[R6].txt - [2866 octets] - [01/01/2015 19:45:38]
AdwCleaner[S0].txt - [70226 octets] - [21/12/2014 15:44:28]
AdwCleaner[S1].txt - [1319 octets] - [21/12/2014 17:44:00]
AdwCleaner[S2].txt - [2752 octets] - [01/01/2015 20:10:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2812 octets] ##########
 

FRST log:-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Rasuka (administrator) on RASUKA-PC on 01-01-2015 20:20:26
Running from C:\Users\Rasuka\Desktop
Loaded Profile: Rasuka (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 19:40 - 2015-01-01 19:40 - 00001426 _____ () C:\Users\Rasuka\Desktop\JRT.txt
2015-01-01 17:42 - 2015-01-01 17:43 - 01707939 _____ (Thisisu) C:\Users\Rasuka\Desktop\JRT.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-31 16:07 - 2014-12-31 16:07 - 02173952 _____ () C:\Users\Rasuka\Desktop\AdwCleaner.exe
2014-12-31 14:25 - 2014-12-31 14:25 - 00002978 _____ () C:\Windows\SysWOW64\rsslogs.20141231090416
2014-12-31 09:05 - 2014-12-31 09:05 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-31 09:05 - 2014-12-31 09:05 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-30 11:21 - 2014-12-30 11:21 - 00305496 _____ () C:\Windows\Minidump\123014-57002-01.dmp
2014-12-29 22:08 - 2014-12-30 18:40 - 00047884 _____ () C:\Users\Rasuka\Desktop\Addition.txt
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2014-12-28 15:41 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2015-01-01 20:32 - 00036788 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2014-12-28 15:41 - 02123264 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2015-01-01 20:26 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2015-01-01 20:13 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2015-01-01 20:13 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-31 16:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:36 - 2014-12-23 21:48 - 00000000 ____D () C:\Users\Rasuka\Downloads\tdsskiller
2014-12-23 20:36 - 2014-12-23 20:37 - 05198336 _____ (AVAST Software) C:\Users\Rasuka\Downloads\aswMBR.exe
2014-12-23 20:35 - 2014-12-23 20:35 - 04166770 _____ () C:\Users\Rasuka\Downloads\tdsskiller.zip
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2014-12-31 19:12 - 00212480 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:09 - 2014-12-21 22:09 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 22:09 - 2014-12-21 22:09 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 22:09 - 2014-12-21 22:09 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-21 22:09 - 2014-12-21 22:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-21 22:09 - 2014-12-21 22:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-21 22:09 - 2014-12-21 22:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-21 22:09 - 2014-12-21 22:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:59 - 2014-12-21 18:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Rasuka\Downloads\HitmanPro_x64.exe
2014-12-21 18:41 - 2014-12-30 11:21 - 1091069408 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:29 - 2014-12-22 09:07 - 00001424 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 18:26 - 2015-01-01 20:11 - 00036390 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2015-01-01 20:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2015-01-01 20:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:16 - 2015-01-01 20:26 - 00787986 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2015-01-01 20:12 - 00002683 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2015-01-01 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:30 - 2014-12-21 15:30 - 02173952 _____ () C:\Users\Rasuka\Downloads\AdwCleaner.exe
2014-12-21 15:30 - 2014-12-21 15:30 - 01707646 _____ (Thisisu) C:\Users\Rasuka\Downloads\JRT.exe
2014-12-21 15:20 - 2014-12-21 15:21 - 124144376 _____ (Microsoft Corporation) C:\Users\Rasuka\Downloads\msert.exe
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-15 20:50 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Rasuka\衝上雲霄
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 18:52 - 2014-12-03 18:52 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 11:32 - 2014-12-02 11:32 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141202105225
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 20:38 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 20:33 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2015-01-01 20:32 - 2014-11-01 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 20:22 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:22 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:21 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 20:17 - 2012-08-26 00:23 - 00010230 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-01 20:15 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-01 20:13 - 2012-10-03 23:07 - 03401516 _____ () C:\FaceProv.log
2015-01-01 20:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 17:55 - 2014-10-12 07:15 - 00001939 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2014-12-31 16:28 - 2012-09-06 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-31 15:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-31 15:38 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-31 14:32 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-31 14:30 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 18:04 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2014-12-30 16:49 - 2012-08-26 08:05 - 00000000 ____D () C:\ProgramData\RegCure
2014-12-30 11:21 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-28 13:41 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 20:23 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:27 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 16:12 - 2013-03-18 10:45 - 00000000 ____D () C:\Users\Rasuka\New folder (3)
2014-12-22 15:59 - 2014-11-14 16:07 - 00000000 ____D () C:\Users\Rasuka\Downloads\Flockers-FLT
2014-12-22 15:42 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2014-12-22 09:07 - 2012-08-25 23:50 - 00001418 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 21:40 - 2013-06-10 13:48 - 00000000 ____D () C:\Users\Rasuka\New folder (4)
2014-12-17 18:41 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2014-12-14 15:01 - 2012-08-28 21:34 - 00000000 ____D () C:\Users\Rasuka\Documents\Youcam
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-03 18:52 - 2014-11-01 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:52 - 2014-11-01 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-02 14:56 - 2014-05-09 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-12-02 14:55 - 2014-05-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
 
Some content of TEMP:
====================
C:\Users\Rasuka\AppData\Local\Temp\Quarantine.exe
C:\Users\Rasuka\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================
 

Addition log:-

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Rasuka at 2015-01-01 20:39:41
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_ced94c8db6b9767b7dd95a4c64ecdc8) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Costume Quest (HKLM-x32\...\Costume Quest_is1) (Version:  - )
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Disney Epic Mickey 2 (HKLM-x32\...\{FD86651E-5875-4964-9E18-7F128292EBB1}) (Version: 1.00.0000 - Disney Interactive Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Hexic Deluxe (HKLM-x32\...\{E26DE186-3540-4489-83D0-8BFFBFBDBBC8}) (Version: 1.0.0 - Zone.com Deluxe Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Knights of Pen and Paper (HKLM-x32\...\Knights of Pen and Paper_is1) (Version:  - Paradox Interactive)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PrintMusic! 2000 (HKLM-x32\...\PrintMusic! 2000) (Version:  - )
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
28-12-2014 13:57:36 Removed Realtek Ethernet Controller All-In-One Windows Driver
29-12-2014 15:50:24 Restore Point Created by FRST
31-12-2014 09:30:26 Windows Update
31-12-2014 15:31:04 Restore Point Created by FRST
31-12-2014 15:52:40 Removed Sophos Virus Removal Tool.
31-12-2014 15:58:27 Removed Sophos Virus Removal Tool.
31-12-2014 16:16:32 Removed Java 7 Update 67
31-12-2014 16:29:36 Removed Java 8 Update 25
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {1FC430EA-1EE2-40D0-850B-20A8323EFAD7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {78B52EEF-1E5D-4ABE-A477-EE8A943C19B3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {AC59EACA-2A72-4191-9A45-F045EE04BEE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: {E9A7A0DE-8CB0-4F53-B425-4953EB99B396} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-30 18:10 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2013-07-12 16:55 - 2011-08-11 09:18 - 00413696 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll
2013-07-12 16:55 - 2011-08-26 10:55 - 00294912 _____ () C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-30 18:16 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-21 18:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2015 08:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/01/2015 08:17:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (01/01/2015 08:16:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (01/01/2015 08:13:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/01/2015 08:10:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (01/01/2015 08:10:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/01/2015 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2015 08:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 48%
Total physical RAM: 8053.2 MB
Available physical RAM: 4130.66 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 14679.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:114.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#21
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.
 

Happy New Year :D

Thanks, same to you :)

We're most likely going to end soon, just some more checks left.

 
Step #1
Malwarebytes Anti-Malware

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Malwarebytes Anti-Malware. We will need to download the latest version.
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
    TcWwbLS.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content

  • 0

#22
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I can't seem to locate the malwarebytes anti-malware log but it did remove 6 things.

 

As for the online scanner it refuse to scan when i ran it regularly it took 12 hours to scan 3% of my computer so I booted it in safe mode and this was the log:-

 

# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4d20e1dd73f3e34890e22e7b0a4709a5
# engine=21812
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-04 09:17:31
# local_time=2015-01-04 04:17:31 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5123 16777214 88 100 5675659 46710937 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 171949701 0 0
# scanned=375737
# found=19
# cleaned=0
# scan_time=17392
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=ECA4A5549FE7C1010C8CF82ADED0869445104113 ft=1 fh=6a94424ce7b3801f vn="a variant of Win32/MessengerPlus.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\yuna software\Messenger Plus!\Settings\Settings.exe.vir"
sh=5618C3AE61B19703110A173ACB7F4B1544C3347C ft=1 fh=c8c204d4690517c4 vn="a variant of MSIL/Adware.PullUpdate.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Activation Disabler.cmd"
sh=601676D488C3DD148410DDC7EB8785E1F52A8AD3 ft=1 fh=15cfdd310a9914b3 vn="a variant of Win32/HackTool.Crack.BB potentially unsafe application" ac=I fn="C:\Program Files (x86)\Disney Interactive Studios\Disney Epic Mickey 2\rld.dll"
sh=7398A9F5BEA2860C016145E8152198CFC0311869 ft=1 fh=c71c00119574698e vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll"
sh=541CFA0A0CFC4C28493B65FFDF934ABC172236FD ft=1 fh=abd058153dfcd00c vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\ProgramData\xTtqYNb\dat\TdolZgPEv.dll"
sh=BEFDCD39FCAA5DAC047C8510595D027197DD1451 ft=1 fh=eb5e33d8ec46aa5c vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Reactivate.exe.vir"
sh=DA1899D43F337394C891301B5D23A40D661F9862 ft=1 fh=bc85500575f63717 vn="Win32/Toolbar.Zugo.E potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir"
sh=DE25AF9466ABC0218682306B8CD4C5EA6A7D0DE9 ft=1 fh=26a24944a164baca vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir"
sh=4E85ED587BFE19EC609164091E154096E8BCCEFE ft=1 fh=039edbbf2a5d268c vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir"
sh=68699DB446B870EA53105A96999476B67317EFB7 ft=1 fh=1d21e89b4f50512a vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir"
sh=722A472368D8687E5A61141E23FB5D4E182EA3AF ft=1 fh=39ea45f45683aec6 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\$RECYCLE.BIN\S-1-5-21-1422646263-2310165737-2160699533-1001\$REWHK3N.dll"
sh=7398A9F5BEA2860C016145E8152198CFC0311869 ft=1 fh=c71c00119574698e vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll"
sh=541CFA0A0CFC4C28493B65FFDF934ABC172236FD ft=1 fh=abd058153dfcd00c vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Users\All Users\xTtqYNb\dat\TdolZgPEv.dll"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Rasuka\Adobe Master Collection CS4 key gen\Activation Disabler.cmd"
sh=006AC0EBA2A94658B41219E8221BF8D73651365C ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BU trojan" ac=I fn="C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7}\components\CallChannelManagerClass.js"
sh=722A472368D8687E5A61141E23FB5D4E182EA3AF ft=1 fh=39ea45f45683aec6 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Rasuka\New folder (2)\Mabinogi\Pleione.dll"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Rasuka\New folder (3)\Tangled\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
 
The security check log:-
 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

  • 0

#23
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

I've noticed that the following programs on your system have been obtained illegally:
  • Adobe Photoshop CS4
  • Disney Epic Mickey 2
This violates our Terms of Use:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.


You have two options now:
Option #1: Keep the illegally obtained software, which will result in stopping my help and closing this topic
Option #2: Remove the illegally obtained software and continue with cleaning your computer

It's your call. If you choose to remove that software, do so and then show me the new FRST scan using the following instructions:

FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

  • 0

#24
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Along with those two programs I also removed a bunch of other stuff but I'm not sure if they are gone from my system. I did have some difficulty removing photoshop CS4 if you still see traces of it please go ahead and remove it, but here are the logs you requested:-

 

FRST log:-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Rasuka (administrator) on RASUKA-PC on 06-01-2015 17:12:28
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Gretech Corp.) C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-05-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SohuVA] => "C:\Program Files (x86)\????\SHPlayer.exe" /auto
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1941696 2015-01-02] (Valve Corporation)
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => "C:\Users\Rasuka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del5288808] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del8716821] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...t&type=avastbcl
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} - No File
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {279560F9-9C70-4028-9C2D-E477D827903C} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {17AB2B29-6ACE-46AD-8F64-B68BE905FD42} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2FEA9F96-D83A-4CD2-A535-672FE43303CF} URL = http://websearch.ask...CB-3666E76F966D
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...1I7LENN_enCA498
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {70BA3E6B-1059-2266-0B2C-40E4A85231B8} URL = http://www.ddlstart....eferrer:source}
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FF5D710C-5738-4FFF-9748-51E1CB0928F1}&mid=c7b73156215347d0b0f2d5343d3d5734-fed77a202c9cf31e9f193f7498c12a3171a40e6f&lang=en&ds=gm011&pr=sa&d=2013-03-26 08:02:34&v=15.0.0.2&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {341F4DAC-1966-47FF-AACF-0CE175F1498A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0AEA375E-AF23-4E9D-BFB4-DA5D665BED97}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4C664B27-4F08-4406-B0A7-0EF30F874AD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AE1D0C4-7173-439A-A816-1CE62C27BD64}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CC6CA805-4581-4164-8FC0-492B3F3009C8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D3694D17-36C2-4024-9423-D8AEE6EFE184}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE9367BC-57FD-431C-AFE2-10F4FBAC625F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: CallChannelManager Class - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} [2014-11-11]
FF Extension: iMacros for Firefox - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-19]
FF Extension: RefControl - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2012-12-20]
FF Extension: Greasemonkey - C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.ca_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21]
CHR Extension: (YouTube) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Rasuka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-12-26] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 18:38 - 2015-01-05 18:38 - 00347816 _____ (Microsoft Corporation) C:\Users\Rasuka\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.1343926744323502.1.2.Run.exe
2015-01-05 17:26 - 2015-01-05 16:55 - 06067608 ____N (Adobe System Incorporated.) C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe
2015-01-05 14:46 - 2015-01-05 14:46 - 00003116 _____ () C:\Windows\System32\Tasks\{688D4B71-E0BC-4A2B-AA28-D8DAAC274AFA}
2015-01-05 09:50 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-05 09:50 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-04 12:08 - 2015-01-04 12:08 - 00000179 _____ () C:\console.log
2015-01-04 12:06 - 2015-01-04 12:07 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\NexonLauncher
2015-01-04 12:06 - 2015-01-04 12:06 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NexonLauncher
2015-01-04 12:05 - 2015-01-04 12:07 - 00000000 ____D () C:\Program Files (x86)\Nexon
2015-01-04 11:16 - 2015-01-04 11:27 - 00000149 _____ () C:\Users\Rasuka\Desktop\ESET.url
2015-01-04 10:55 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-03 14:12 - 2015-01-03 14:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-03 13:44 - 2015-01-03 13:44 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-03 13:44 - 2015-01-03 13:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-03 13:44 - 2015-01-03 13:44 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-03 13:44 - 2015-01-03 13:44 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-03 13:44 - 2015-01-03 13:44 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-03 13:44 - 2015-01-03 13:44 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-03 13:44 - 2015-01-03 13:44 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-03 13:44 - 2015-01-03 13:44 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-03 13:44 - 2015-01-03 13:44 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-03 13:44 - 2015-01-03 13:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-03 13:44 - 2015-01-03 13:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-03 13:44 - 2015-01-03 13:44 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-03 13:44 - 2015-01-03 13:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-03 13:32 - 2015-01-03 13:46 - 00005719 _____ () C:\Windows\IE11_main.log
2015-01-03 12:58 - 2015-01-03 13:23 - 00006855 _____ () C:\Windows\IE10_main.log
2015-01-03 12:55 - 2015-01-03 12:56 - 02347384 _____ (ESET) C:\Users\Rasuka\Desktop\esetsmartinstaller_enu.exe
2015-01-03 12:25 - 2015-01-03 12:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-03 12:19 - 2015-01-03 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-03 11:36 - 2015-01-03 11:37 - 00852504 _____ () C:\Users\Rasuka\Desktop\SecurityCheck.exe
2015-01-03 11:33 - 2015-01-06 15:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 11:31 - 2015-01-03 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 11:30 - 2015-01-03 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 11:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 11:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 11:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-03 11:16 - 2015-01-03 11:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rasuka\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-01 19:40 - 2015-01-01 19:40 - 00001426 _____ () C:\Users\Rasuka\Desktop\JRT.txt
2015-01-01 17:42 - 2015-01-01 17:43 - 01707939 _____ (Thisisu) C:\Users\Rasuka\Desktop\JRT.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-31 16:26 - 2014-12-27 14:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-31 16:07 - 2014-12-31 16:07 - 02173952 _____ () C:\Users\Rasuka\Desktop\AdwCleaner.exe
2014-12-31 14:25 - 2014-12-31 14:25 - 00002978 _____ () C:\Windows\SysWOW64\rsslogs.20141231090416
2014-12-31 09:05 - 2014-12-31 09:05 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-31 09:05 - 2014-12-31 09:05 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-30 11:21 - 2014-12-30 11:21 - 00305496 _____ () C:\Windows\Minidump\123014-57002-01.dmp
2014-12-29 22:08 - 2015-01-01 20:48 - 00036361 _____ () C:\Users\Rasuka\Desktop\Addition.txt
2014-12-29 16:36 - 2014-12-29 16:36 - 00002958 _____ () C:\Windows\SysWOW64\rsslogs.20141229163422
2014-12-29 10:07 - 2014-12-29 10:07 - 00002969 _____ () C:\Windows\SysWOW64\rsslogs.20141229100044
2014-12-29 09:30 - 2014-12-29 09:33 - 00011920 _____ () C:\Windows\SysWOW64\rsslogs.20141229092849
2014-12-28 18:17 - 2014-12-28 18:19 - 00011527 _____ () C:\Users\Rasuka\Desktop\ckfiles.txt
2014-12-28 17:45 - 2014-12-28 17:45 - 00468480 _____ () C:\Users\Rasuka\Desktop\CKScanner.exe
2014-12-28 15:41 - 2015-01-06 15:03 - 00000000 ____D () C:\Users\Rasuka\Desktop\FRST-OlderVersion
2014-12-28 12:37 - 2014-12-28 12:37 - 00000020 ___SH () C:\Users\Rasuka\ntuser.ini
2014-12-28 11:15 - 2014-12-28 11:15 - 00308360 _____ () C:\Windows\Minidump\122814-59514-01.dmp
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
2014-12-28 08:06 - 2014-12-28 08:06 - 00003186 _____ () C:\Windows\SysWOW64\rsslogs.20141228080627
2014-12-27 21:28 - 2015-01-06 17:17 - 00041841 _____ () C:\Users\Rasuka\Desktop\FRST.txt
2014-12-27 21:26 - 2015-01-06 15:03 - 02123776 _____ (Farbar) C:\Users\Rasuka\Desktop\FRST64.exe
2014-12-27 19:25 - 2015-01-06 17:13 - 00000000 ____D () C:\FRST
2014-12-27 15:45 - 2014-12-27 16:15 - 00006372 _____ () C:\Windows\SysWOW64\rsslogs.20141227154136
2014-12-27 13:32 - 2014-12-28 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-27 10:17 - 2014-12-28 13:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 10:17 - 2014-12-27 10:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-27 10:01 - 2014-12-27 10:02 - 00002910 _____ () C:\Windows\SysWOW64\rsslogs.20141227095652
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean.tmp
2014-12-26 20:13 - 2014-12-26 20:13 - 00000355 _____ () C:\Windows\system32\Drivers\etc\hosts.ussclean
2014-12-26 19:53 - 2014-12-26 19:53 - 00000398 _____ () C:\Windows\Tasks\RegInOut on user logon - Rasuka.job
2014-12-26 19:52 - 2014-12-26 19:52 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-12-26 19:49 - 2014-12-26 19:49 - 00000235 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-26 19:31 - 2015-01-06 15:34 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:31 - 2015-01-06 15:33 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001
2014-12-26 19:22 - 2014-12-26 21:45 - 00000000 ____D () C:\ProgramData\Backup
2014-12-26 18:18 - 2014-12-26 21:00 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-26 15:13 - 2014-12-31 16:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 09:25 - 2014-12-26 09:25 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-12-25 12:22 - 2014-12-25 15:20 - 00000752 _____ () C:\Windows\DtcInstall.log
2014-12-25 11:01 - 2014-12-25 11:19 - 00001446 _____ () C:\Windows\comsetup.log
2014-12-25 10:38 - 2014-12-25 10:38 - 00000002 _____ () C:\$UpgDrv$
2014-12-25 10:37 - 2014-12-25 10:37 - 00001594 _____ () C:\Windows\CompatibilityIssues.txt
2014-12-25 10:20 - 2014-12-26 09:25 - 00000000 ____D () C:\$UPGRADE.~OS
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-12-25 09:43 - 2014-12-26 04:04 - 00001890 _____ () C:\Windows\diagerr.xml
2014-12-24 20:16 - 2014-12-24 20:16 - 00455136 ____T () C:\Users\Rasuka\AppData\Roaming\CrashRpt1402.dll
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____H () C:\Users\Rasuka\Documents\Default.rdp
2014-12-24 20:15 - 2014-12-24 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2014-12-24 20:14 - 2014-12-24 20:15 - 00000000 ____D () C:\Program Files\SIW Home Edition
2014-12-24 19:43 - 2014-12-27 10:08 - 00000000 ____D () C:\Windows\pss
2014-12-24 18:43 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-24 18:27 - 2014-12-24 18:27 - 00305192 _____ () C:\Windows\Minidump\122414-8112-01.dmp
2014-12-24 11:23 - 2014-12-24 11:23 - 00305000 _____ () C:\Windows\Minidump\122414-45427-01.dmp
2014-12-23 23:03 - 2014-12-23 23:03 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-23 21:13 - 2014-12-26 13:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 21:06 - 2014-12-23 21:06 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\71490227.sys
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-23 20:03 - 2014-12-23 20:03 - 00000000 ____D () C:\Windows\system32\NV
2014-12-23 19:52 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-23 19:52 - 2014-12-13 05:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-23 19:52 - 2014-12-13 05:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-23 19:18 - 2014-12-23 19:19 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141223191743
2014-12-23 19:01 - 2014-12-23 19:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 14:13 - 2015-01-05 17:14 - 00212480 ___SH () C:\Users\Rasuka\Thumbs.db
2014-12-21 22:08 - 2014-12-21 22:09 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-21 20:25 - 2014-12-23 20:38 - 00000424 _____ () C:\Windows\system32\.crusader
2014-12-21 18:59 - 2014-12-21 20:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-21 18:41 - 2014-12-30 11:21 - 1091069408 _____ () C:\Windows\MEMORY.DMP
2014-12-21 18:41 - 2014-12-21 18:41 - 00287584 _____ () C:\Windows\Minidump\122114-17612-01.dmp
2014-12-21 18:26 - 2015-01-04 16:30 - 00037642 _____ () C:\Windows\PFRO.log
2014-12-21 18:19 - 2014-12-21 18:19 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 18:19 - 2014-12-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 18:18 - 2015-01-06 16:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 18:18 - 2015-01-06 15:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 18:16 - 2015-01-06 15:37 - 01292044 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 18:15 - 2014-12-21 18:15 - 00003284 _____ () C:\Windows\SysWOW64\rsslogs.20141221181208
2014-12-21 18:11 - 2015-01-06 15:29 - 00003187 _____ () C:\Windows\setupact.log
2014-12-21 18:11 - 2014-12-25 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:32 - 2014-12-21 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 15:31 - 2015-01-01 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:06 - 2014-12-21 15:06 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141221150518
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 09:30 - 2014-12-21 15:05 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-12-13 10:34 - 2014-12-13 10:34 - 00000020 _____ () C:\Windows\SysWOW64\pub_store.dat
2014-12-13 10:34 - 2014-12-13 10:32 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-12-13 10:34 - 2014-12-13 10:32 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-12-13 10:34 - 2014-12-13 10:32 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-12-12 15:22 - 2014-12-12 15:22 - 00002970 _____ () C:\Windows\SysWOW64\rsslogs.20141212152137
2014-12-10 22:03 - 2014-12-10 22:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:27 - 2014-12-10 15:27 - 00002874 _____ () C:\Windows\SysWOW64\rsslogs.20141210152457
2014-12-09 23:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 15:52 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 15:52 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 15:52 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 15:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:51 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 15:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 15:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 15:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 15:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 15:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 15:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 15:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 16:38 - 2014-11-25 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 16:17 - 2012-05-30 18:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-06 15:40 - 2009-07-14 00:13 - 00791388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 15:40 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:40 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:36 - 2012-05-30 18:32 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-06 15:33 - 2012-08-26 00:23 - 00006558 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-06 15:32 - 2012-10-03 23:07 - 03420344 _____ () C:\FaceProv.log
2015-01-06 15:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 15:05 - 2014-08-17 19:13 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Adobe
2015-01-06 13:53 - 2012-08-26 00:29 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Adobe
2015-01-05 18:54 - 2012-08-26 06:59 - 00000000 ____D () C:\MATS
2015-01-05 17:26 - 2012-08-25 23:49 - 00000000 ___SD () C:\Users\Rasuka
2015-01-05 16:47 - 2009-07-13 23:45 - 06264856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-05 16:05 - 2012-08-25 23:50 - 00190960 _____ () C:\Users\Rasuka\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 15:57 - 2012-08-26 01:23 - 00000000 ____D () C:\Users\Rasuka\Documents\My Received Files
2015-01-05 15:50 - 2013-12-13 16:58 - 00000000 ____D () C:\Users\Rasuka\Documents\Fiesta
2015-01-05 15:45 - 2012-08-26 07:50 - 00000000 ____D () C:\Users\Rasuka\Documents\PSP Themes
2015-01-05 15:45 - 2012-08-26 07:49 - 00000000 ____D () C:\Users\Rasuka\Documents\Photoshop stuff
2015-01-05 15:21 - 2013-01-25 08:29 - 00000000 ____D () C:\Users\Rasuka\New folder (2)
2015-01-05 15:20 - 2012-08-02 08:38 - 00000000 ____D () C:\Users\Rasuka\Documents\Mabinogi Stuff
2015-01-05 15:19 - 2012-08-26 08:36 - 00000000 ____D () C:\Users\Rasuka\Documents\Mabinogi
2015-01-05 15:15 - 2013-04-09 16:55 - 00000000 ____D () C:\Users\Rasuka\Documents\Just Another Day with you
2015-01-05 15:10 - 2014-05-19 11:55 - 00000000 ____D () C:\Users\Rasuka\Downloads\花非花雾非雾电视剧原声音乐大碟
2015-01-05 15:10 - 2013-01-13 18:28 - 00000000 ____D () C:\Users\Rasuka\Downloads\步步惊心电视剧原声音乐大碟
2015-01-05 15:03 - 2014-09-08 07:12 - 00000000 ____D () C:\Users\Rasuka\Documents\Chemical Lab Tech
2015-01-05 15:01 - 2013-10-24 20:05 - 00000000 ____D () C:\Users\Rasuka\Downloads\Bastion Original Soundtrack
2015-01-05 14:54 - 2013-03-17 08:54 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Skype
2015-01-05 14:49 - 2012-08-26 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2015-01-05 14:49 - 2012-08-26 02:44 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2015-01-05 14:42 - 2013-01-06 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMusic! 2000
2015-01-05 14:36 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 14:25 - 2014-11-22 15:50 - 00000000 ____D () C:\Program Files\PXG
2015-01-05 14:10 - 2012-05-30 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 12:31 - 2014-10-23 14:54 - 00000000 ____D () C:\Program Files (x86)\Granado Espada Online
2015-01-04 11:57 - 2014-10-12 07:15 - 00001899 _____ () C:\Users\Rasuka\Desktop\ Mabinogi .lnk
2015-01-04 11:53 - 2013-04-12 17:13 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-04 11:53 - 2013-04-12 16:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-03 14:06 - 2012-08-25 23:50 - 00001428 _____ () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 13:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-31 16:28 - 2012-09-06 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-31 15:39 - 2012-08-29 15:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-31 15:38 - 2012-08-26 05:14 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-31 14:32 - 2012-08-26 00:12 - 00000000 ____D () C:\Users\Rasuka\Tracing
2014-12-30 16:49 - 2012-08-26 08:05 - 00000000 ____D () C:\ProgramData\RegCure
2014-12-30 11:21 - 2013-12-28 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 21:15 - 2014-11-14 22:03 - 00007597 _____ () C:\Users\Rasuka\AppData\Local\resmon.resmoncfg
2014-12-28 18:07 - 2012-08-26 08:14 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\uTorrent
2014-12-28 12:29 - 2009-07-14 00:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 15:06 - 2013-03-17 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 15:05 - 2014-11-15 08:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:51 - 2014-10-03 10:27 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-26 20:34 - 2013-01-10 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-12-26 19:45 - 2014-10-29 16:54 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 09:39 - 2012-08-26 10:08 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-26 09:39 - 2012-08-26 08:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-26 09:39 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-26 09:39 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-26 09:21 - 2010-11-20 09:42 - 00000000 ____D () C:\$WINDOWS.~BT
2014-12-24 18:14 - 2014-02-16 19:24 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 18:14 - 2012-05-30 18:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-23 21:56 - 2012-08-25 23:48 - 00000000 ____D () C:\Recovery
2014-12-23 21:48 - 2014-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-23 21:48 - 2012-11-12 08:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-23 21:48 - 2012-08-25 23:49 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-23 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 20:03 - 2014-03-23 07:23 - 00000000 ____D () C:\Temp
2014-12-23 20:03 - 2012-05-30 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-21 18:27 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2014-12-21 18:19 - 2012-08-26 00:26 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Google
2014-12-21 18:19 - 2012-05-30 18:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 18:18 - 2012-05-30 18:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-21 18:18 - 2012-05-30 18:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-12-21 15:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-21 09:33 - 2013-04-14 09:33 - 00000000 ____D () C:\Users\Rasuka\AppData\Local\Deployment
2014-12-20 10:19 - 2014-11-22 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 22:06 - 2009-07-13 21:34 - 00001512 ___SH () C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-12-18 18:46 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:18 - 2013-03-13 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 05:08 - 2014-02-16 19:18 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 05:08 - 2012-05-30 18:09 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-05-30 18:10 - 00628040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-12-13 03:03 - 2012-05-30 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 22:38 - 2014-11-25 21:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 22:12 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 22:05 - 2014-11-25 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:05 - 2014-11-25 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Users\Rasuka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-12 22:04 - 2012-08-26 01:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-12 18:11 - 2012-05-30 18:10 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 15:25 - 2014-01-10 11:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 22:03 - 2014-04-29 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:51 - 2012-08-26 08:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:47 - 2013-07-16 06:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:34 - 2012-08-26 00:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-12-09 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-07 18:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
 
Files to move or delete:
====================
C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe
 
 
Some content of TEMP:
====================
C:\Users\Rasuka\AppData\Local\Temp\NGM.exe
C:\Users\Rasuka\AppData\Local\Temp\NGMDll.dll
C:\Users\Rasuka\AppData\Local\Temp\NGMResource.dll
C:\Users\Rasuka\AppData\Local\Temp\Quarantine.exe
C:\Users\Rasuka\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-27 17:11
 
==================== End Of Log ============================
 
Addition log:-
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Rasuka at 2015-01-06 17:20:57
Running from C:\Users\Rasuka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1422646263-2310165737-2160699533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
All Sound Recorder XP 2.30 (HKLM-x32\...\All Sound Recorder XP_is1) (Version:  - MP3DO, Inc.)
Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{BC3AFA60-3E98-4F5B-81B7-0A919050C0D7}) (Version: 12.12.07 - Willow Software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brownie (HKLM-x32\...\{F40CA00E-B365-448A-B146-BC061F1230A0}) (Version: 1.0.2 - Hotarugirl)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.0.0.07110 - Sony Corporation)
CoreAAC (HKLM-x32\...\CoreAAC) (Version:  - )
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FATE (HKLM-x32\...\Steam App 246840) (Version:  - WildTangent)
FATE: Undiscovered Realms (HKLM-x32\...\Steam App 276890) (Version:  - WildTangent)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.01.516 - Gamigo games)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.54 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grimm (HKLM-x32\...\Steam App 252150) (Version:  - Spicyhorse Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds_is1) (Version:  - )
Ricochet Xtreme (HKLM-x32\...\Ricochet Xtreme Retail_is1) (Version:  - Reflexive Entertainment, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharpEye Music Reader 2 (HKLM-x32\...\SharpEye Music Reader 2) (Version:  - Visiv)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version:  - KING Art)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witch's Yarn (HKLM-x32\...\Steam App 287740) (Version:  - Mousechief)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.00.0000 - TRENDnet)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
搜狐影音 (HKLM-x32\...\搜狐影音) (Version: 0.0.0.0 - 搜狐公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1422646263-2310165737-2160699533-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-01-2015 11:11:17 Windows Update
04-01-2015 16:57:59 Windows Update
05-01-2015 14:02:03 Removed Disney Interactive Studios
05-01-2015 14:25:43 Removed Hexic Deluxe
05-01-2015 18:50:08 Restore Point before Adobe Photoshop CS4 (64 Bit) was removed using Program Install and Uninstall troubleshooter
05-01-2015 19:20:57  Adobe Photoshop CS4 (64 Bit) 
05-01-2015 22:33:56 Windows Update
06-01-2015 14:50:43 Removed Adobe CMaps x64 CS4
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-26 19:45 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.59 www.google-analytics.com.
85.25.79.59 google-analytics.com.
85.25.79.59 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1D20654C-A8B8-44D8-B766-52109305D06F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {1FC430EA-1EE2-40D0-850B-20A8323EFAD7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {2429CA2B-8272-4BE4-8FE9-0DB435A2F08A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {2BB90564-BEA8-429F-824D-5ED6803F2B2F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {346E7C27-6B5F-4759-9820-26CC924CE0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {38DA9148-2EF2-4AEB-BC87-F3199E506247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D24C1F9-4217-4A50-B31E-BD9877BAD97C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {52B267EA-BE0E-4BA3-B3FC-9FA7F59BCA97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {5DDCFCD0-E807-4966-99C7-9CC479E588D2} - System32\Tasks\{E49F7C0D-F95A-47DC-AE9C-4E1E49F9390F} => pcalua.exe -a C:\Users\Rasuka\0wto11ww.exe -d C:\Users\Rasuka
Task: {6BA6068E-5650-46EB-8D88-37A2B326A1C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {707CADC8-4B7F-431E-8761-34F2668616BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72CF49A3-4A4B-471F-9AD6-60E504295D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {78B52EEF-1E5D-4ABE-A477-EE8A943C19B3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {839E0079-7EE6-4F21-BF53-365453C11159} - System32\Tasks\{688D4B71-E0BC-4A2B-AA28-D8DAAC274AFA} => pcalua.exe -a C:\Windows\unvise32.exe -c C:\PrintMusic! 2000\uninstal.log
Task: {8A567B82-3ED9-452E-AE54-C4EBC2E271A9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {9D80D751-04A3-4441-BEF6-108B9AAC389C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E840021-2EFA-4CE3-AF21-47F1C98F1E16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1422646263-2310165737-2160699533-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A2678D7C-B865-45C2-9490-EC8780D52250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {A4C494A6-4C0A-4C39-8B84-DE489882957B} - System32\Tasks\{B4A23E6E-C0C0-4CA5-9481-633B8CE5467A} => pcalua.exe -a "C:\Users\Rasuka\Adobe Master Collection CS4\Adobe Master Collection CS4\Adobe CS4 Master Collection - Shadeyman\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {B50B6778-5740-4285-A22F-6764F157C83C} - System32\Tasks\{36D133A2-797D-4CD0-AD2C-763552ED6126} => pcalua.exe -a C:\Users\Rasuka\caiu15us.exe -d C:\Users\Rasuka
Task: {E917B792-DBA4-4B94-971A-D99271FB5DF3} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-05] (Intel)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Rasuka.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-12 16:55 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-11-02 09:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 05:20 - 2012-05-30 18:42 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-05-30 18:42 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-12 16:55 - 2012-01-05 16:53 - 00606208 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
2012-05-30 18:16 - 2012-04-16 02:17 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 18:31 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-18 11:00 - 2014-10-18 11:00 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-30 18:05 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-12 16:55 - 2011-08-11 09:18 - 00413696 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanDll.dll
2013-07-12 16:55 - 2011-08-26 10:55 - 00294912 _____ () C:\Program Files\TRENDnet\TEW-648UB\WPSCtrl.dll
2012-05-30 18:32 - 2012-05-30 18:32 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-05-30 18:16 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00021040 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-05-30 18:29 - 2012-02-20 18:08 - 00089136 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\CommonTools.dll
2014-01-30 22:28 - 2014-01-30 22:28 - 00421520 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll
2013-12-25 21:41 - 2013-12-25 21:41 - 00326144 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\avutil-gp-52.dll
2013-10-29 03:19 - 2013-10-29 03:19 - 07600128 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\avcodec-gp-55.dll
2014-02-24 22:17 - 2014-02-24 22:17 - 00407552 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\swscale-gp-2.dll
2014-06-15 21:22 - 2014-06-15 21:22 - 01154048 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\avformat-gp-55.dll
2014-09-26 04:03 - 2014-09-26 04:03 - 00121344 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\swresample-gp-0.dll
2014-04-20 23:34 - 2014-04-20 23:34 - 01193472 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\libass.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: CAPOSD => C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422646263-2310165737-2160699533-500 - Administrator - Disabled)
Guest (S-1-5-21-1422646263-2310165737-2160699533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422646263-2310165737-2160699533-1003 - Limited - Enabled)
Rasuka (S-1-5-21-1422646263-2310165737-2160699533-1001 - Administrator - Enabled) => C:\Users\Rasuka
 
==================== Faulty Device Manager Devices =============
 
Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2015 03:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0x0000046b
Fault offset: 0x000000000000940d
Faulting process id: 0x14c0
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3
 
Error: (01/06/2015 03:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 03:07:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/06/2015 03:07:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/06/2015 02:54:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe CMaps x64 CS4 -- Please install Adobe CMaps x64 CS4 using Setup.exe
 
Error: (01/06/2015 09:13:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: IEFRAME.dll, version: 11.0.9600.17496, time stamp: 0x546fe9dd
Exception code: 0xc0000005
Fault offset: 0x00000000005b86fe
Faulting process id: 0x1918
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/05/2015 07:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: IEFRAME.dll, version: 11.0.9600.17496, time stamp: 0x546fe9dd
Exception code: 0xc0000005
Fault offset: 0x00000000005b86fe
Faulting process id: 0x1b30
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/05/2015 06:49:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Photoshop CS4 (64 Bit) -- Please install Adobe Photoshop CS4 (64 Bit) using Setup.exe
 
Error: (01/05/2015 05:34:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe
 
 
System errors:
=============
Error: (01/06/2015 03:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/06/2015 03:35:41 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (01/06/2015 03:34:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (01/06/2015 03:32:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (01/06/2015 03:29:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:24:56 PM on ‎06/‎01/‎2015 was unexpected.
 
Error: (01/06/2015 09:17:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (01/06/2015 09:16:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (01/06/2015 09:14:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
 
Error: (01/06/2015 09:13:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/05/2015 05:05:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/06/2015 03:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.184095315a05a0000046b000000000000940d14c001d029f06e441154C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll1f11d325-95e6-11e4-bbae-047d7bd9bec7
 
Error: (01/06/2015 03:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 03:07:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (01/06/2015 03:07:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (01/06/2015 02:54:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe CMaps x64 CS4 -- Please install Adobe CMaps x64 CS4 using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/06/2015 09:13:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97IEFRAME.dll11.0.9600.17496546fe9ddc000000500000000005b86fe191801d02949d47749cfC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dlla80316f1-9554-11e4-9f4d-047d7bd9bec7
 
Error: (01/05/2015 07:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97IEFRAME.dll11.0.9600.17496546fe9ddc000000500000000005b86fe1b3001d0293ce08f8036C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllfa68ac0c-953c-11e4-9f4d-047d7bd9bec7
 
Error: (01/05/2015 06:49:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Photoshop CS4 (64 Bit) -- Please install Adobe Photoshop CS4 (64 Bit) using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/05/2015 05:34:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: Rasuka-PC)
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 30%
Total physical RAM: 8053.2 MB
Available physical RAM: 5625.32 MB
Total Pagefile: 20132.2 MB
Available Pagefile: 16961.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:263.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.79 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:2.77 GB) FAT32
Drive g: (My Book) (Fixed) (Total:3725.99 GB) (Free:834.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 5226011C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52260118)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)
 
========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
 
==================== End Of Log ============================

  • 0

#25
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

You haven't removed all the Photoshop stuff because it's hidden. The following fix will reveal it to you. After running the fix, please uninstall the rest.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   3.24KB   113 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Adobe Anchor Service x64 CS4
  • Adobe CMaps x64 CS4
  • Adobe CSI CS4 x64
  • Adobe Drive CS4 x64
  • Adobe InDesign CS4 Icon Handler x64
  • Adobe Linguistics CS4 x64
  • Adobe PDF Library Files x64 CS4
  • Adobe Photoshop CS4 (64 Bit)
  • Adobe Type Support x64 CS4
  • PDF Settings CS4
 
Step #3
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content

  • 0

Advertisements


#26
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

err just a curious question when i attempt to uninstall the CS4 related stuff it's telling me to "please install Adobe (insert program name here) using setup.exe" is it supposed to be doing that? it happens for all of the stuff that is now currently visable so I'm wondering what's the next step i should take


Edited by Rasuka, 07 January 2015 - 07:52 PM.

  • 0

#27
Rasuka

Rasuka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

on a side note here's the fix log:-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Rasuka at 2015-01-07 19:55:58 Run:4
Running from C:\Users\Rasuka\Desktop
Loaded Profiles: Rasuka &  (Available profiles: Rasuka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del5288808] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Del8716821] => cmd.exe /Q /D /c del "C:\Users\Rasuka\AppData\Local\Temp\0.del" <===== ATTENTION
URLSearchHook: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {279560F9-9C70-4028-9C2D-E477D827903C} URL = 
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {341F4DAC-1966-47FF-AACF-0CE175F1498A} -  No File
2014-12-28 08:20 - 2014-12-28 08:20 - 00000000 _____ () C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822}
C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe
C:\Program Files (x86)\Disney Interactive Studios\Disney Epic Mickey 2
C:\Users\All Users\Microsoft\Secure
C:\Users\All Users\xTtqYNb
C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7}
C:\Users\Rasuka\New folder (2)\Mabinogi\Pleione.dll
C:\Users\Rasuka\New folder (3)\Tangled\Jaybob's_Movies_Toolbar_Internet Explorer.exe
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del5288808 => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del8716821 => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {341f4dac-1966-47ff-aacf-0ce175f1498a} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{341F4DAC-1966-47FF-AACF-0CE175F1498A} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1422646263-2310165737-2160699533-1000-{{341F4DAC-1966-47FF-AACF-0CE175F1498A} => Key not found. 
C:\Users\Rasuka\AppData\Local\{D7C78B3C-29B7-4F9D-9D6D-05D8D4771822} => Moved successfully.
C:\Users\Rasuka\AdobeCreativeCloudCleanerTool.exe => Moved successfully.
C:\Program Files (x86)\Disney Interactive Studios\Disney Epic Mickey 2 => Moved successfully.
C:\Users\All Users\Microsoft\Secure => Moved successfully.
C:\Users\All Users\xTtqYNb => Moved successfully.
C:\Users\Rasuka\AppData\Roaming\Mozilla\Firefox\Profiles\qsbpguso.default\extensions\{5E4F9775-29AA-B3DE-1B89-ACFEC3B3DBC7} => Moved successfully.
"C:\Users\Rasuka\New folder (2)\Mabinogi\Pleione.dll" => File/Directory not found.
"C:\Users\Rasuka\New folder (3)\Tangled\Jaybob's_Movies_Toolbar_Internet Explorer.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{887797BF-37A5-4199-B0C9-0D38D6196E9A}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90BA8112-80B3-4617-A3C1-BD2771B60F74}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3454894-144A-4D80-B605-C128FE0D7329}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8875A1C0-6308-4790-8CF6-D34E89880052}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}\\SystemComponent => value deleted successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:07:42 ====

  • 0

#28
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Rasuka.

Please, try the following to get rid of the Adobe CS4:
  • Download the Adobe CS4 Clean Script and unzip it
  • Right click CS4InstallerDatabaseUtility.exe and select Run As Administrator
  • Follow the on-screen prompt to complete the script. Once the script completes press Enter
  • Restart your system
 
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Per the PM sent by the OP this topic will be closed as resolved...
  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP