HelpWARE09 Posted August 31, 2014 ID:873408

Hello community,

So I was just watching TV shows online, and then all of a sudden, my webcam light turned on (which means the webcam started to function). I was curious, but then ignored it for a few seconds. Not even a second or two after, this chat interface (no idea where it even originated from) just popped up, and along with it came a message and a link. The message read "Enjoying your show?", along with a link to prntscr.com. As many of you may know, Prntscr is a public free image hosting website. And sure enough, the link led me to a picture of my very own face (honestly).

Anyways, I panicked and then ran Malware Bytes around 10 times or so, conducting full scans. Ever since, I remain absolutely uncertain whether or not the virus has actually been rid of from my computer.

From this experience, I'd like to know of 2 things:

1. What is this hack? What is the function of this hack? And why has it been conducted to me?
2. How can I prevent this from happening to me again in the future?

Many thanks for reading and understanding.
kevinf80 Posted August 31, 2014 ID:873410

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Let me see the two produced logs.

Kevin
HelpWARE09 Posted August 31, 2014 Author ID:873412

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01
Ran by Administrator at 2014-08-31 19:29:26
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Forefront Client Security (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Forefront Client Security (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Platform (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenXvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)z_Adobe Connect Add-in (HKLM\...\DEC_Connect Add-in) (Version: 9.4 r81 - DMIG) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 12:04 - 2014-05-03 17:26 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {12ADDE0D-387E-48A6-AF55-745411ABCE25} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)Task: {39174EA4-1202-4182-B5EB-3923DAFD8020} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992Core => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-12] (Facebook Inc.)Task: {3BBB015D-513D-4323-92EF-671427CA8297} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-11-17] (Lenovo Group Limited)Task: {4DA9C476-9636-45A4-890D-48AF858827A4} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Signature Update => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)Task: {53CB7894-7D51-499B-AE1E-7B262FC78D31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-09] (Google Inc.)Task: {83F5E55C-17DF-4C47-AEC3-542B7A6F93BE} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)Task: {88A46FFC-704E-4429-B48D-1206D2EF4BA7} - System32\Tasks\{40723F92-9B7B-464B-8E1D-112D8EDE693A} => C:\Program Files\Google\Google Earth\client\googleearth.exe [2011-11-17] (Google)Task: {8F3DCE62-4C87-46A2-BE65-21260AA31AEB} - System32\Tasks\BGInfoLIS => C:\Program Files\BGInfo\Resource\RunBGInfo.vbs [2011-11-17] ()Task: {A7590435-DCE2-4731-AB2E-9EC92D84B4A2} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Quick Scan => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)Task: {C6987A42-B7E7-4EA9-AF36-D1B91D667E73} - 
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-09] (Google Inc.)Task: {C749330C-040B-43CC-AF1A-A851C8427094} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992UA => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-12] (Facebook Inc.)Task: {E112375F-C175-4875-A2B9-BC47134857CB} - System32\Tasks\GPO Script Assistance => C:\Windows\DET\L4L_STARTUP_CHECK.vbs [2009-07-15] ()Task: {F56B585B-FC6F-4921-8A8B-29F035C3CB43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-25] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992Core.job => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992UA.job => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2011-11-17 10:31 - 2011-11-17 10:30 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll2011-11-17 10:32 - 2011-11-17 10:32 - 00962936 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll2014-05-23 02:10 - 2014-05-23 02:10 - 00693920 _____ () C:\Program 
Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-11-17 10:38 - 2011-11-17 10:38 - 00044544 _____ () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL2011-11-17 09:36 - 2011-11-17 09:35 - 00393216 _____ () C:\Windows\SMIKsLIB.dll2011-11-17 09:36 - 2011-11-17 09:35 - 00274432 _____ () C:\Windows\system32\370prop.ax2011-11-17 10:33 - 2011-11-17 10:33 - 00066856 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll2012-05-01 12:02 - 2010-10-26 12:39 - 00049568 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe2011-11-17 09:36 - 2011-11-17 09:35 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll2014-05-26 05:52 - 2014-05-26 05:52 - 32733088 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll2014-08-30 15:44 - 2014-08-30 15:44 - 00297984 ____H () C:\Users\Administrator\AppData\Local\Temp\Google\update.exe2014-05-23 02:10 - 2014-05-23 02:10 - 05341856 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe2014-05-12 22:22 - 2014-05-12 22:22 - 02217128 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll2014-08-16 09:47 - 2014-08-07 13:20 - 00718152 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll2014-08-16 09:47 - 2014-08-07 13:20 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll2014-08-16 09:47 - 2014-08-07 13:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll2014-08-16 09:47 - 2014-08-07 13:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll2014-08-16 09:47 - 2014-08-07 13:20 - 01732936 _____ () C:\Program 
Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FCSAM => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10499 Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10499 Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9501 Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9501 Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: 
)Description: Task Scheduling Error: m->NextScheduledSPRetry 8456 Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8456 Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 04:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 7457 System errors:=============Error: (08/31/2014 05:41:55 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (08/31/2014 05:36:08 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (08/31/2014 04:18:30 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (08/31/2014 04:10:43 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. 
Error: (08/31/2014 04:10:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/31/2014 04:08:23 PM) (Source: FcsSas) (EventID: 10006) (User: )Description: Forefront Client Security State Assessment Service policy applied with errors. Reverted to the following settings: Schedule Type: IntervalTime: 12Parameter: Error: (08/31/2014 04:03:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (08/31/2014 04:03:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error: %%1064 Error: (08/31/2014 04:03:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). Error: (08/31/2014 04:03:13 PM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain DETNSW due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. 
Microsoft Office Sessions:=========================Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10499 Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10499 Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9501 Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9501 Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8456 Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8456 Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 04:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 7457 ==================== Memory info =========================== Processor: Intel® Celeron® CPU 857 @ 1.20GHzPercentage of memory in use: 71%Total physical RAM: 2987.9 MBAvailable physical RAM: 849.22 MBTotal Pagefile: 5974.09 MBAvailable Pagefile: 3278.25 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1884.48 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:298.09 GB) (Free:67.91 GB) NTFS ==>[Drive with boot 
components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1037376E)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
HelpWARE09 Posted August 31, 2014 Author ID:873414

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by Administrator (administrator) on SA428867866 on 31-08-2014 19:27:56
Running from C:\Users\Administrator\Downloads
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.)
C:\Windows\System32\CxAudMsg32.exe(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Windows\System32\CCM\CcmExec.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe(Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe(Silicon Motion) C:\Windows\SMIKsSTI.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe(Lenovo.) C:\Windows\System32\TpShocks.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\elite Panaboard\EPBCONCT.exe(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\elite Panaboard\EPBPenC.exe(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\elite Panaboard\EPBStylus.exe(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe() C:\Users\Administrator\AppData\Local\Temp\Google\update.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [sMI_SSE_V5] => C:\Windows\SMIKsSTI.EXE [212992 2011-11-17] (Silicon Motion)HKLM\...\Run: [DETBGInfo] => wscript.exe "C:\Program Files\BGInfo\Resource\RunBGInfo.vbs" /WallPaperHKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2282792 2011-11-17] (Synaptics Incorporated)HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [42344 2011-07-22] (Lenovo Group Limited)HKLM\...\Run: [] => [X]HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2011-01-14] (Lenovo.)HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitorHKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)HKLM\...\Run: [AdobeConnectProAddIns] => C:\Program Files\Adobe\Acrobat Connect Pro Add In Checker\runaddinchecker.vbs [186 2011-11-17] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-07] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-06-07] (Adobe Systems Incorporated)HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 
10.0\Acrobat\Acrotray.exe [2903448 2011-06-07] (Adobe Systems Inc.)HKLM\...\Run: [sMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1761136 2011-07-13] (SMART Technologies)HKLM\...\Run: [EPBConnect] => C:\Program Files\Panasonic\elite Panaboard\EPBCONCT.exe [425984 2011-06-16] (Panasonic System Networks Co., Ltd.)HKLM\...\Run: [EPBPenC] => C:\Program Files\Panasonic\elite Panaboard\EPBPenC.exe [352256 2011-06-13] (Panasonic System Networks Co., Ltd.)HKLM\...\Run: [EPBPreLoader] => C:\Program Files\Panasonic\elite Panaboard\elite Panaboard software\PreLoader.exe [14848 2011-04-27] (Panasonic System Networks Co., Ltd.)HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1033600 2011-02-02] (Microsoft Corporation)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49568 2010-10-26] ()HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM\...\Run: [blueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)HKU\S-1-5-21-2848396421-790072867-494017664-500\...\Run: [AdobeBridge] => [X]HKU\S-1-5-21-2848396421-790072867-494017664-500\...\Run: [pWtnCEiC6c] => C:\Users\Administrator\AppData\Roaming\YBtpCGXR\MpmZmiu.exe [297984 2014-08-30] ()HKU\S-1-5-21-2848396421-790072867-494017664-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Temp\Google\update.exe [297984 
2014-08-30] () <===== ATTENTION
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Alex.Zeng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.det.nsw.edu.au
SearchScopes: HKLM - DefaultScope {EBC5FDD5-D30D-46DC-B513-B4F4167EEAF6} URL = http://www.google.com.au/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EBC5FDD5-D30D-46DC-B513-B4F4167EEAF6} URL = http://www.google.com.au/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {EBC5FDD5-D30D-46DC-B513-B4F4167EEAF6} URL =
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} file://C:/Program Files/F5 VPN/F5_TMP/ur5250x.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab
DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-11-17]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-17]

Chrome:
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-09]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-20]
CHR Extension: (GeoGebra) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-02-04]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-19]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-09]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
R2 FCSAM; C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16896 2011-01-08] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [73120 2007-04-06] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-11-17] (Macrovision Europe Ltd.) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [41832 2011-07-22] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-11-17] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [60264 2011-07-22] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2011-11-17] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-11-17] (Lenovo Group Limited)
R2 Rpcnet; C:\Windows\system32\rpcnet.exe [69792 2013-05-22] (Absolute Software Corp.)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2011-01-07] (Conexant Systems, Inc.)
S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [5429624 2011-11-17] (Wacom Technology, Corp.)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-11-17] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2699264 2011-11-17] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-01] (BlueStack Systems)
S3 epbkmdf; C:\Windows\system32\drivers\epbkmdf.sys [12424 2011-02-22] (Panasonic System Networks Co., Ltd.)
S3 epbmtusb; C:\Windows\system32\drivers\epbmtusb.sys [83592 2011-02-22] (Panasonic System Networks Co., Ltd.)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)
S3 hidkmdf; C:\Windows\system32\drivers\hidkmdf.sys [9712 2011-07-13] (Windows ® Win 7 DDK provider)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-11-17] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-11-17] (Intel Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [71296 2011-02-02] (Microsoft Corporation)
S3 NWLowRider; C:\Windows\system32\drivers\NWLowRider.sys [22768 2011-07-13] ()
S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [253544 2011-11-17] (Realtek Semiconductor Corp.)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2011-07-13] (SMART Technologies ULC)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2011-07-13] (SMART Technologies ULC)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2011-07-13] (SMART Technologies ULC)
S3 STI2303X; C:\Windows\System32\Drivers\STI2303X.sys [19440 2011-07-13] (Prolific Technology Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [185216 2011-11-17] (SMI)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx86.sys [45264 2014-06-28] ()
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 19:27 - 2014-08-31 19:28 - 00027109 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-08-31 19:27 - 2014-08-31 19:28 - 00000000 ____D () C:\FRST
2014-08-31 19:27 - 2014-08-31 19:27 - 01095680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-08-31 15:24 - 2014-08-31 16:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 15:24 - 2014-08-31 15:24 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 15:24 - 2014-08-31 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 15:23 - 2014-08-31 15:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 15:23 - 2014-08-31 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 15:23 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 15:23 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-31 15:23 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-31 15:21 - 2014-08-31 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 14:55 - 2014-06-25 11:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.Kratos_498
2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\.paradox_store_32
2014-08-30 15:56 - 2014-08-30 15:57 - 01136385 _____ () C:\Users\Administrator\Downloads\kratos-gamepack.jar
2014-08-30 15:56 - 2014-08-30 15:57 - 00909920 _____ () C:\Users\Administrator\Downloads\client (6).jar
2014-08-30 15:44 - 2014-08-30 15:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\YBtpCGXR
2014-08-30 15:43 - 2014-08-30 15:47 - 00000000 ____D () C:\Users\Administrator\.allstarlegends
2014-08-30 15:43 - 2014-08-30 15:43 - 00413797 _____ () C:\Users\Administrator\Downloads\AllstarLegends.jar
2014-08-29 19:06 - 2014-08-29 19:06 - 00000000 ____D () C:\Users\Administrator\LletyaV4
2014-08-29 19:05 - 2014-08-29 19:05 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (3).jar
2014-08-29 18:12 - 2014-08-29 18:22 - 00000024 _____ () C:\Users\Alex.Zeng\random.dat
2014-08-29 18:12 - 2014-08-29 18:12 - 00000048 _____ () C:\Users\Alex.Zeng\jagex_cl_runescape_LIVE.dat
2014-08-28 19:40 - 2014-08-28 19:40 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592 (1).jar
2014-08-28 19:12 - 2014-08-28 19:17 - 21075147 _____ () C:\Users\Administrator\Downloads\h_basenames_1805372.csv
2014-08-27 18:40 - 2014-08-27 18:41 - 02677406 _____ () C:\Users\Administrator\Downloads\smf_2-0-8_install.zip
2014-08-25 08:51 - 2014-08-25 08:51 - 00074240 _____ () C:\Users\Alex.Zeng\Downloads\Exodus-Wear-Sizing-&-Names final.xls
2014-08-24 20:10 - 2014-08-24 20:10 - 00074240 _____ () C:\Users\Administrator\Downloads\Exodus-Wear-Sizing-&-Names final.xls
2014-08-23 17:32 - 2014-08-23 18:00 - 00000000 ____D () C:\Users\Administrator\.unlimitedrsps592
2014-08-23 17:32 - 2014-08-23 17:32 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592.jar
2014-08-20 15:20 - 2014-08-20 15:20 - 00793823 _____ () C:\Users\Administrator\Downloads\JR_Term2_19962001_2U.zip
2014-08-19 16:58 - 2014-08-19 17:00 - 00000000 ____D () C:\Users\Administrator\Desktop\2u papers
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\Users\Administrator\Desktop\Mathematics
2014-08-16 20:01 - 2014-08-16 20:01 - 00256714 _____ () C:\Users\Administrator\Downloads\LletyaV3.jar
2014-08-16 19:58 - 2014-08-16 19:58 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (2).jar
2014-08-16 19:43 - 2014-08-16 19:43 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce (1).zip
2014-08-16 14:03 - 2014-08-16 14:04 - 00000000 ____D () C:\Users\Administrator\Feather_Cache1
2014-08-16 13:57 - 2014-08-16 13:58 - 00000000 ____D () C:\Users\Administrator\Desktop\Official Feather Client
2014-08-16 13:55 - 2014-08-16 13:56 - 07440401 _____ () C:\Users\Administrator\Downloads\Official Feather Client.zip
2014-08-16 13:54 - 2014-08-16 13:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Pure 667 Feather Server
2014-08-16 13:53 - 2014-08-16 13:51 - 443929064 _____ () C:\Users\Administrator\Desktop\Pure 667 Feather Server.zip
2014-08-16 13:50 - 2014-08-16 13:51 - 443929064 _____ () C:\Users\Administrator\Downloads\Pure 667 Feather Server.zip
2014-08-16 11:29 - 2014-08-16 11:30 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (8).jar
2014-08-14 20:14 - 2014-08-14 20:16 - 06270240 _____ () C:\Users\Alex.Zeng\Downloads\Senior Geography Project.zip
2014-08-14 20:05 - 2014-08-21 12:21 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Senior Geography Project Year 11 2014 by Alex Zeng
2014-08-14 19:07 - 2014-08-14 19:09 - 06270240 _____ () C:\Users\Administrator\Downloads\Senior Geography Project.zip
2014-08-11 18:42 - 2014-08-11 18:42 - 02962875 _____ () C:\Users\Administrator\Downloads\PkHonor.jar
2014-08-11 18:42 - 2014-08-11 18:42 - 00000000 ____D () C:\Users\Administrator\PkHonor
2014-08-10 10:55 - 2014-08-10 10:53 - 01826598 _____ () C:\Users\Administrator\Desktop\LaunchLletya (1).jar
2014-08-10 10:53 - 2014-08-10 10:53 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (1).jar
2014-08-09 16:39 - 2014-08-09 16:41 - 00000000 ____D () C:\Users\Administrator\.ss2
2014-08-09 16:39 - 2014-08-09 16:39 - 00018163 _____ () C:\Users\Administrator\Downloads\Soulsplit (1).jar
2014-08-09 16:28 - 2014-08-09 16:28 - 00000000 ____D () C:\Users\Administrator\Entrana
2014-08-09 16:27 - 2014-08-09 16:27 - 00012701 _____ () C:\Users\Administrator\Downloads\Entrana Updater.jar
2014-08-09 16:27 - 2014-08-09 16:27 - 00000000 ____D () C:\Users\Administrator\EntranaLoader
2014-08-09 15:23 - 2014-08-09 15:24 - 00000000 ____D () C:\Users\Administrator\Extinction1
2014-08-09 15:19 - 2014-08-09 15:21 - 00000000 ____D () C:\Users\Administrator\Desktop\The Poanizer Project Source
2014-08-09 15:14 - 2014-08-09 15:15 - 488648522 _____ () C:\Users\Administrator\Downloads\The Poanizer Project Source.zip
2014-08-09 14:38 - 2014-08-16 09:47 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-09 14:38 - 2014-08-09 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-09 14:35 - 2014-08-31 18:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 14:35 - 2014-08-31 16:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 14:34 - 2014-08-09 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-08-09 14:34 - 2014-08-09 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-08-09 13:47 - 2014-08-29 19:06 - 00247025 _____ () C:\Users\Administrator\LletyaV3.jar
2014-08-09 13:47 - 2014-08-09 13:47 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya.jar
2014-08-09 13:46 - 2014-08-16 19:58 - 00000000 ____D () C:\Users\Administrator\LletyaV3
2014-08-09 10:30 - 2014-08-09 10:30 - 00000000 ____D () C:\Users\Administrator\Desktop\client (1)
2014-08-09 10:16 - 2014-08-09 10:24 - 95635624 _____ () C:\Users\Administrator\Desktop\client (1).rar
2014-08-09 09:38 - 2014-08-09 09:38 - 00552377 _____ () C:\Users\Administrator\Downloads\client (5).jar
2014-08-09 09:18 - 2014-08-09 09:18 - 00000000 ____D () C:\Users\Administrator\.ikov_cache
2014-08-09 09:17 - 2014-08-09 09:18 - 00552377 _____ () C:\Users\Administrator\Downloads\client (4).jar
2014-08-09 09:08 - 2014-08-09 09:08 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (7).jar
2014-08-08 17:00 - 2014-08-08 17:01 - 00000000 ____D () C:\Users\Alex.Zeng\.ss2
2014-08-08 17:00 - 2014-08-08 17:00 - 00018163 _____ () C:\Users\Alex.Zeng\Downloads\Soulsplit.jar
2014-08-08 16:48 - 2014-08-08 16:55 - 67778850 _____ () C:\Users\Alex.Zeng\Downloads\Electric Dance Off.mp4
2014-08-07 20:33 - 2014-08-07 20:33 - 00000000 ____D () C:\Users\Administrator\Documents\PCSX2
2014-08-07 20:29 - 2014-08-07 20:29 - 00001927 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Windows\system32\directx
2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Program Files\PCSX2 1.2.1
2014-08-07 19:52 - 2014-08-07 19:57 - 10658408 _____ () C:\Users\Administrator\Downloads\pcsx2-1.2.1-r5875-setup.exe
2014-08-07 11:00 - 2014-08-07 11:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 15:14 - 2014-06-23 16:30 - 734281728 _____ () C:\Users\Administrator\Desktop\The Usual Suspects[1995]DvDrip[Eng]-Stealthmaster.avi
2014-08-06 15:12 - 2014-04-11 18:04 - 1465785852 ____R () C:\Users\Administrator\Desktop\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi
2014-08-06 15:11 - 2014-08-08 22:54 - 00000000 ____D () C:\Users\Administrator\Desktop\The Truman Show (1998)
2014-08-06 15:11 - 2014-08-04 18:04 - 734734302 _____ () C:\Users\Administrator\Desktop\22.Jump.Street.2014.TS.XviD-SUMO.avi
2014-08-06 15:08 - 2014-08-09 09:19 - 00000000 ____D () C:\Users\Administrator\Desktop\The Monuments Men (2014) [1080p]
2014-08-06 15:06 - 2014-08-06 15:08 - 00000000 ____D () C:\Users\Administrator\Desktop\The Amazing Spiderman (2012) [1080p]
2014-08-06 15:06 - 2014-08-06 15:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Imagine Dragons - Night Visions (Deluxe Version) 2013 Indie Rock 320kbps CBR MP3 [VX] [P2PDL]
2014-08-05 11:09 - 2014-06-18 11:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-05 11:09 - 2014-06-18 10:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-05 11:09 - 2014-06-07 10:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-05 11:09 - 2014-06-07 09:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-05 11:09 - 2014-06-07 09:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-05 11:09 - 2014-06-07 09:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-05 11:09 - 2014-06-07 09:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-05 11:09 - 2014-06-07 09:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-05 11:09 - 2014-06-07 09:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-05 11:09 - 2014-06-07 08:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-05 11:09 - 2014-06-07 08:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-05 11:09 - 2014-06-07 08:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-05 11:09 - 2014-06-07 08:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-05 11:09 - 2014-06-07 08:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-05 11:09 - 2014-06-07 08:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-05 11:09 - 2014-06-07 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-05 11:09 - 2014-06-07 08:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-05 11:09 - 2014-06-07 08:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-05 11:09 - 2014-06-07 08:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-05 11:09 - 2014-06-07 08:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-05 11:09 - 2014-06-07 08:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-05 11:09 - 2014-06-07 08:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-05 11:09 - 2014-06-07 08:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-05 11:08 - 2014-06-06 19:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-05 11:08 - 2014-05-30 16:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-05 11:02 - 2014-05-30 17:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-05 11:02 - 2014-05-30 17:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-05 11:02 - 2014-05-30 17:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-05 11:02 - 2014-05-30 17:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-05 11:02 - 2014-05-30 17:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-05 11:02 - 2014-05-30 17:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-05 11:02 - 2014-05-30 17:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-05 11:01 - 2014-06-30 11:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-05 11:01 - 2014-06-30 11:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 11:00 - 2014-06-06 00:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-04 17:29 - 2014-08-04 17:29 - 00000000 ____D () C:\Users\Alex.Zeng\PkHonor
2014-08-04 17:24 - 2014-08-04 17:28 - 02962875 _____ () C:\Users\Alex.Zeng\Downloads\PkHonor.jar
2014-08-03 10:06 - 2014-08-03 10:06 - 00000014 _____ () C:\Users\Administrator\uid.dat
2014-08-03 09:59 - 2014-08-03 10:37 - 00000000 ____D () C:\Users\Administrator\.ultimatescape
2014-08-03 09:57 - 2014-08-03 09:57 - 00010342 _____ () C:\Users\Administrator\Downloads\US2Launcher.jar
2014-08-02 14:59 - 2014-08-02 15:00 - 00000000 ____D () C:\Users\Administrator\2006-Memorys
2014-08-02 14:59 - 2014-08-02 14:59 - 00322132 _____ () C:\Users\Administrator\Downloads\client (3).jar
2014-08-02 14:48 - 2014-08-02 14:48 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (6).jar
2014-08-02 13:43 - 2014-08-02 13:43 - 00000000 _____ () C:\Windows\system32\npcs.txt
2014-08-02 13:35 - 2014-08-02 13:43 - 00000000 ____D () C:\Users\Administrator\enchanta_data2
2014-08-02 13:35 - 2014-08-02 13:35 - 00000000 ____D () C:\Windows\.wms32_32
2014-08-02 13:34 - 2014-08-02 13:34 - 00009355 _____ () C:\Users\Administrator\Downloads\client (2).zip
2014-08-02 09:12 - 2014-08-02 09:14 - 00000000 ____D () C:\Users\Administrator\.allgofree
2014-08-02 09:12 - 2014-08-02 09:12 - 00000000 ____D () C:\Users\Administrator\Desktop\RuneRebels
2014-08-02 09:06 - 2014-08-02 09:06 - 00075144 _____ () C:\Users\Administrator\Downloads\RuneRebels (1).zip
2014-08-02 09:03 - 2014-08-02 09:09 - 00000000 ____D () C:\Users\Administrator\runeprojectv4cache
2014-08-02 09:03 - 2014-08-02 09:03 - 00251540 _____ () C:\Users\Administrator\RuneProjectLoading.jar
2014-08-02 09:03 - 2014-08-02 09:03 - 00030330 _____ () C:\Users\Administrator\Downloads\RuneProjectLoader.jar
2014-08-02 09:03 - 2014-08-02 09:03 - 00000004 _____ () C:\Users\Administrator\clientvers.dat
2014-08-02 08:55 - 2014-08-02 08:55 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce.zip
2014-08-01 18:11 - 2014-08-01 18:16 - 00000053 _____ () C:\Users\Administrator\athens_cl_athens_LIVE.dat
2014-08-01 18:11 - 2014-08-01 18:11 - 00000000 ____D () C:\Users\Administrator\athenian.cache
2014-08-01 18:09 - 2014-08-01 18:09 - 03126000 _____ () C:\Users\Administrator\Downloads\Athens.jar
2014-08-01 12:16 - 2014-08-01 12:16 - 04202496 _____ () C:\Users\Administrator\Desktop\ksdlfhsaidufiousad.pub

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 19:28 - 2014-08-31 19:27 - 00027109 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-08-31 19:28 - 2014-08-31 19:27 - 00000000 ____D () C:\FRST
2014-08-31 19:27 - 2014-08-31 19:27 - 01095680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-08-31 19:09 - 2012-04-27 07:51 - 01198953 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 18:40 - 2014-08-09 14:35 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 18:05 - 2013-04-12 18:00 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992UA.job
2014-08-31 18:05 - 2013-04-12 18:00 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992Core.job
2014-08-31 17:30 - 2012-04-27 07:48 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-08-31 16:18 - 2009-07-14 14:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 16:18 - 2009-07-14 14:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 16:07 - 2011-11-17 10:11 - 00000461 _____ () C:\Windows\SMSCFG.INI
2014-08-31 16:05 - 2014-08-31 15:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 16:04 - 2014-08-09 14:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 16:03 - 2014-01-29 10:45 - 00009014 _____ () C:\Windows\setupact.log
2014-08-31 16:03 - 2011-11-17 13:23 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2014-08-31 16:03 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 16:02 - 2014-05-05 17:28 - 00037188 _____ () C:\Windows\PFRO.log
2014-08-31 16:02 - 2009-07-14 14:52 - 00000000 ____D () C:\Windows\addins
2014-08-31 15:24 - 2014-08-31 15:24 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 15:24 - 2014-08-31 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 15:24 - 2014-08-31 15:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 15:23 - 2014-08-31 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 15:23 - 2014-08-31 15:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 15:00 - 2012-08-27 09:21 - 00000123 __RSH () C:\ProgramData\3002.xml
2014-08-31 14:49 - 2010-11-21 07:01 - 00006388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 17:26 - 2013-10-29 15:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.Kratos_498
2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\.paradox_store_32
2014-08-30 15:57 - 2014-08-30 15:56 - 01136385 _____ () C:\Users\Administrator\Downloads\kratos-gamepack.jar
2014-08-30 15:57 - 2014-08-30 15:56 - 00909920 _____ () C:\Users\Administrator\Downloads\client (6).jar
2014-08-30 15:57 - 2012-10-09 15:54 - 00000000 ____D () C:\Users\Administrator
2014-08-30 15:47 - 2014-08-30 15:43 - 00000000 ____D () C:\Users\Administrator\.allstarlegends
2014-08-30 15:44 - 2014-08-30 15:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\YBtpCGXR
2014-08-30 15:43 - 2014-08-30 15:43 - 00413797 _____ () C:\Users\Administrator\Downloads\AllstarLegends.jar
2014-08-29 19:22 - 2012-10-09 15:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2014-08-29 19:06 - 2014-08-29 19:06 - 00000000 ____D () C:\Users\Administrator\LletyaV4
2014-08-29 19:06 - 2014-08-09 13:47 - 00247025 _____ () C:\Users\Administrator\LletyaV3.jar
2014-08-29 19:05 - 2014-08-29 19:05 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (3).jar
2014-08-29 18:22 - 2014-08-29 18:12 - 00000024 _____ () C:\Users\Alex.Zeng\random.dat
2014-08-29 18:12 - 2014-08-29 18:12 - 00000048 _____ () C:\Users\Alex.Zeng\jagex_cl_runescape_LIVE.dat
2014-08-29 18:12 - 2012-05-01 07:42 - 00000000 ____D () C:\Users\Alex.Zeng
2014-08-29 13:04 - 2012-04-27 09:16 - 00000000 ___HD () C:\Windows\DET
2014-08-29 12:01 - 2012-04-27 09:06 - 00001984 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-28 19:42 - 2014-01-07 18:06 - 00000046 _____ () C:\Users\Administrator\jagex_Runescape_preferences.dat
2014-08-28 19:40 - 2014-08-28 19:40 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592 (1).jar
2014-08-28 19:17 - 2014-08-28 19:12 - 21075147 _____ () C:\Users\Administrator\Downloads\h_basenames_1805372.csv
2014-08-27 18:41 - 2014-08-27 18:40 - 02677406 _____ () C:\Users\Administrator\Downloads\smf_2-0-8_install.zip
2014-08-27 09:15 - 2012-04-27 09:16 - 00199716 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 08:51 - 2014-08-25 08:51 - 00074240 _____ () C:\Users\Alex.Zeng\Downloads\Exodus-Wear-Sizing-&-Names final.xls
2014-08-24 20:10 - 2014-08-24 20:10 - 00074240 _____ () C:\Users\Administrator\Downloads\Exodus-Wear-Sizing-&-Names final.xls
2014-08-23 18:00 - 2014-08-23 17:32 - 00000000 ____D () C:\Users\Administrator\.unlimitedrsps592
2014-08-23 17:32 - 2014-08-23 17:32 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592.jar
2014-08-22 15:46 - 2013-10-29 20:27 - 00000000 ____D () C:\Users\Alex.Zeng\AppData\Roaming\Skype
2014-08-22 15:34 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-21 12:21 - 2014-08-14 20:05 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Senior Geography Project Year 11 2014 by Alex Zeng
2014-08-20 15:20 - 2014-08-20 15:20 - 00793823 _____ () C:\Users\Administrator\Downloads\JR_Term2_19962001_2U.zip
2014-08-19 17:00 - 2014-08-19 16:58 - 00000000 ____D () C:\Users\Administrator\Desktop\2u papers
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\Users\Administrator\Desktop\Mathematics
2014-08-16 20:01 - 2014-08-16 20:01 - 00256714 _____ () C:\Users\Administrator\Downloads\LletyaV3.jar
2014-08-16 19:58 - 2014-08-16 19:58 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (2).jar
2014-08-16 19:58 - 2014-08-09 13:46 - 00000000 ____D () C:\Users\Administrator\LletyaV3
2014-08-16 19:50 - 2013-10-29 17:21 - 00000052 _____ () C:\Users\Administrator\jagex_cl_oldschool_LIVE.dat
2014-08-16 19:48 - 2014-07-25 16:57 - 00000000 ____D () C:\Users\Administrator\Desktop\Xenorune client
2014-08-16 19:43 - 2014-08-16 19:43 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce (1).zip
2014-08-16 14:04 - 2014-08-16 14:03 - 00000000 ____D () C:\Users\Administrator\Feather_Cache1
2014-08-16 13:58 - 2014-08-16 13:57 - 00000000 ____D () C:\Users\Administrator\Desktop\Official Feather Client
2014-08-16 13:56 - 2014-08-16 13:55 - 07440401 _____ () C:\Users\Administrator\Downloads\Official Feather Client.zip
2014-08-16 13:54 - 2014-08-16 13:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Pure 667 Feather Server
2014-08-16 13:51 - 2014-08-16 13:53 - 443929064 _____ () C:\Users\Administrator\Desktop\Pure 667 Feather Server.zip
2014-08-16 13:51 - 2014-08-16 13:50 - 443929064 _____ () 
C:\Users\Administrator\Downloads\Pure 667 Feather Server.zip2014-08-16 11:30 - 2014-08-16 11:29 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (8).jar2014-08-16 11:30 - 2014-05-24 12:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.arios_4982014-08-16 09:50 - 2012-12-26 12:40 - 00000052 _____ () C:\Users\Administrator\jagex_cl_runescape_LIVE.dat2014-08-16 09:47 - 2014-08-09 14:38 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-08-15 17:10 - 2012-05-01 07:45 - 00000000 ____D () C:\Users\Alex.Zeng\AppData\Roaming\Audacity2014-08-14 20:16 - 2014-08-14 20:14 - 06270240 _____ () C:\Users\Alex.Zeng\Downloads\Senior Geography Project.zip2014-08-14 19:09 - 2014-08-14 19:07 - 06270240 _____ () C:\Users\Administrator\Downloads\Senior Geography Project.zip2014-08-13 18:49 - 2014-06-07 11:53 - 00000000 ____D () C:\Program Files\Steam2014-08-11 18:42 - 2014-08-11 18:42 - 02962875 _____ () C:\Users\Administrator\Downloads\PkHonor.jar2014-08-11 18:42 - 2014-08-11 18:42 - 00000000 ____D () C:\Users\Administrator\PkHonor2014-08-11 12:05 - 2014-07-21 10:25 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Cache Files2014-08-10 10:53 - 2014-08-10 10:55 - 01826598 _____ () C:\Users\Administrator\Desktop\LaunchLletya (1).jar2014-08-10 10:53 - 2014-08-10 10:53 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (1).jar2014-08-09 16:41 - 2014-08-09 16:39 - 00000000 ____D () C:\Users\Administrator\.ss22014-08-09 16:39 - 2014-08-09 16:39 - 00018163 _____ () C:\Users\Administrator\Downloads\Soulsplit (1).jar2014-08-09 16:28 - 2014-08-09 16:28 - 00000000 ____D () C:\Users\Administrator\Entrana2014-08-09 16:27 - 2014-08-09 16:27 - 00012701 _____ () C:\Users\Administrator\Downloads\Entrana Updater.jar2014-08-09 16:27 - 2014-08-09 16:27 - 00000000 ____D () C:\Users\Administrator\EntranaLoader2014-08-09 15:24 - 2014-08-09 15:23 - 00000000 ____D () C:\Users\Administrator\Extinction12014-08-09 15:21 - 2014-08-09 15:19 - 00000000 ____D 
() C:\Users\Administrator\Desktop\The Poanizer Project Source2014-08-09 15:15 - 2014-08-09 15:14 - 488648522 _____ () C:\Users\Administrator\Downloads\The Poanizer Project Source.zip2014-08-09 14:38 - 2014-08-09 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-08-09 14:38 - 2011-11-17 12:59 - 00000000 ____D () C:\Program Files\Google2014-08-09 14:35 - 2014-08-09 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment2014-08-09 14:34 - 2014-08-09 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.02014-08-09 13:47 - 2014-08-09 13:47 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya.jar2014-08-09 10:30 - 2014-08-09 10:30 - 00000000 ____D () C:\Users\Administrator\Desktop\client (1)2014-08-09 10:24 - 2014-08-09 10:16 - 95635624 _____ () C:\Users\Administrator\Desktop\client (1).rar2014-08-09 09:38 - 2014-08-09 09:38 - 00552377 _____ () C:\Users\Administrator\Downloads\client (5).jar2014-08-09 09:19 - 2014-08-06 15:08 - 00000000 ____D () C:\Users\Administrator\Desktop\The Monuments Men (2014) [1080p]2014-08-09 09:18 - 2014-08-09 09:18 - 00000000 ____D () C:\Users\Administrator\.ikov_cache2014-08-09 09:18 - 2014-08-09 09:17 - 00552377 _____ () C:\Users\Administrator\Downloads\client (4).jar2014-08-09 09:08 - 2014-08-09 09:08 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (7).jar2014-08-08 22:54 - 2014-08-06 15:11 - 00000000 ____D () C:\Users\Administrator\Desktop\The Truman Show (1998)2014-08-08 17:01 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Alex.Zeng\.ss22014-08-08 17:00 - 2014-08-08 17:00 - 00018163 _____ () C:\Users\Alex.Zeng\Downloads\Soulsplit.jar2014-08-08 16:55 - 2014-08-08 16:48 - 67778850 _____ () C:\Users\Alex.Zeng\Downloads\Electric Dance Off.mp42014-08-08 12:25 - 2010-11-21 10:31 - 00000000 ____D () C:\Program Files\Windows Journal2014-08-07 21:31 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\rescache2014-08-07 20:33 - 
2014-08-07 20:33 - 00000000 ____D () C:\Users\Administrator\Documents\PCSX22014-08-07 20:29 - 2014-08-07 20:29 - 00001927 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Windows\system32\directx2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX22014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Program Files\PCSX2 1.2.12014-08-07 20:29 - 2014-02-22 17:58 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-07 19:57 - 2014-08-07 19:52 - 10658408 _____ () C:\Users\Administrator\Downloads\pcsx2-1.2.1-r5875-setup.exe2014-08-07 13:55 - 2014-07-21 11:42 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Maths in Focus2014-08-07 11:06 - 2009-07-14 14:33 - 03805912 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-07 11:00 - 2014-08-07 11:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-08-06 15:08 - 2014-08-06 15:06 - 00000000 ____D () C:\Users\Administrator\Desktop\The Amazing Spiderman (2012) [1080p]2014-08-06 15:06 - 2014-08-06 15:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Imagine Dragons - Night Visions (Deluxe Version) 2013 Indie Rock 320kbps CBR MP3 [VX] [P2PDL]2014-08-05 11:15 - 2011-11-17 11:11 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-08-05 11:08 - 2013-09-01 11:17 - 00000000 ____D () C:\Windows\system32\MRT2014-08-05 11:03 - 2012-05-01 12:20 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-08-04 19:25 - 2012-12-26 12:34 - 00000000 ____D () C:\Program Files\Common Files\Steam2014-08-04 18:04 - 2014-08-06 15:11 - 734734302 _____ () C:\Users\Administrator\Desktop\22.Jump.Street.2014.TS.XviD-SUMO.avi2014-08-04 17:29 - 2014-08-04 17:29 - 00000000 ____D () C:\Users\Alex.Zeng\PkHonor2014-08-04 17:28 - 2014-08-04 17:24 - 02962875 _____ () C:\Users\Alex.Zeng\Downloads\PkHonor.jar2014-08-04 09:40 - 
2014-07-21 10:24 - 05169152 _____ () C:\Users\Alex.Zeng\Desktop\Geo Cultural Adap.pub2014-08-03 22:59 - 2014-07-24 20:31 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk2014-08-03 22:59 - 2014-07-24 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-08-03 22:59 - 2013-10-29 15:23 - 00000000 ___RD () C:\Program Files\Skype2014-08-03 22:59 - 2013-10-29 15:10 - 00000000 ____D () C:\Users\Alex.Zeng\AppData\Local\Skype2014-08-03 22:59 - 2013-10-29 15:10 - 00000000 ____D () C:\ProgramData\Skype2014-08-03 10:37 - 2014-08-03 09:59 - 00000000 ____D () C:\Users\Administrator\.ultimatescape2014-08-03 10:06 - 2014-08-03 10:06 - 00000014 _____ () C:\Users\Administrator\uid.dat2014-08-03 09:57 - 2014-08-03 09:57 - 00010342 _____ () C:\Users\Administrator\Downloads\US2Launcher.jar2014-08-02 15:00 - 2014-08-02 14:59 - 00000000 ____D () C:\Users\Administrator\2006-Memorys2014-08-02 14:59 - 2014-08-02 14:59 - 00322132 _____ () C:\Users\Administrator\Downloads\client (3).jar2014-08-02 14:48 - 2014-08-02 14:48 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (6).jar2014-08-02 13:43 - 2014-08-02 13:43 - 00000000 _____ () C:\Windows\system32\npcs.txt2014-08-02 13:43 - 2014-08-02 13:35 - 00000000 ____D () C:\Users\Administrator\enchanta_data22014-08-02 13:35 - 2014-08-02 13:35 - 00000000 ____D () C:\Windows\.wms32_322014-08-02 13:34 - 2014-08-02 13:34 - 00009355 _____ () C:\Users\Administrator\Downloads\client (2).zip2014-08-02 09:14 - 2014-08-02 09:12 - 00000000 ____D () C:\Users\Administrator\.allgofree2014-08-02 09:12 - 2014-08-02 09:12 - 00000000 ____D () C:\Users\Administrator\Desktop\RuneRebels2014-08-02 09:09 - 2014-08-02 09:03 - 00000000 ____D () C:\Users\Administrator\runeprojectv4cache2014-08-02 09:06 - 2014-08-02 09:06 - 00075144 _____ () C:\Users\Administrator\Downloads\RuneRebels (1).zip2014-08-02 09:03 - 2014-08-02 09:03 - 00251540 _____ () C:\Users\Administrator\RuneProjectLoading.jar2014-08-02 09:03 - 
2014-08-02 09:03 - 00030330 _____ () C:\Users\Administrator\Downloads\RuneProjectLoader.jar2014-08-02 09:03 - 2014-08-02 09:03 - 00000004 _____ () C:\Users\Administrator\clientvers.dat2014-08-02 08:55 - 2014-08-02 08:55 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce.zip2014-08-01 18:16 - 2014-08-01 18:11 - 00000053 _____ () C:\Users\Administrator\athens_cl_athens_LIVE.dat2014-08-01 18:11 - 2014-08-01 18:11 - 00000000 ____D () C:\Users\Administrator\athenian.cache2014-08-01 18:09 - 2014-08-01 18:09 - 03126000 _____ () C:\Users\Administrator\Downloads\Athens.jar2014-08-01 16:31 - 2012-06-13 13:37 - 00021296 __RSH () C:\ProgramData\3002.abs2014-08-01 13:14 - 2014-07-28 16:22 - 04205568 _____ () C:\Users\Administrator\Desktop\Geo Cultural Adap.pub2014-08-01 12:16 - 2014-08-01 12:16 - 04202496 _____ () C:\Users\Administrator\Desktop\ksdlfhsaidufiousad.pub Files to move or delete:====================C:\Users\Administrator\AppData\Local\Temp\Google\update.exeC:\Users\Administrator\alotic_preferences.datC:\Users\Administrator\alotic_preferences2.datC:\Users\Administrator\athens_cl_athens_LIVE.datC:\Users\Administrator\clientvers.datC:\Users\Administrator\Exoria_cl_matrix_LIVE.datC:\Users\Administrator\jagex_cl_oldschool_LIVE.datC:\Users\Administrator\jagex_cl_runescape_LIVE.datC:\Users\Administrator\jagex_cl_runescape_LIVE_BETA.datC:\Users\Administrator\jagex_Runescape_preferences.datC:\Users\Administrator\jagex_Runescape_preferences2.datC:\Users\Administrator\jagex__preferences3.datC:\Users\Administrator\matrixii_cl_matrix_LIVE.datC:\Users\Administrator\matrixii_cl_matrix_LIVE1.datC:\Users\Administrator\Paradox_runescape_preferences.datC:\Users\Administrator\Paradox_runescape_preferences2.datC:\Users\Administrator\random.datC:\Users\Administrator\uid.datC:\Users\Alex.Zeng\Color2.batC:\Users\Alex.Zeng\jagex_cl_runescape_LIVE.datC:\Users\Alex.Zeng\random.dat Some content of 
TEMP:====================C:\Users\Administrator\AppData\Local\Temp\ChangeIcon.exeC:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Administrator\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\Administrator\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exeC:\Users\Administrator\AppData\Local\Temp\kiro.exeC:\Users\Administrator\AppData\Local\Temp\NGMDll.dllC:\Users\Administrator\AppData\Local\Temp\NGMResource.dllC:\Users\Administrator\AppData\Local\Temp\unicows.dllC:\Users\Administrator\AppData\Local\Temp\xmlUpdater.exeC:\Users\Alex.Zeng\AppData\Local\Temp\10411.dllC:\Users\Alex.Zeng\AppData\Local\Temp\bass.dllC:\Users\Alex.Zeng\AppData\Local\Temp\bassmod.dllC:\Users\Alex.Zeng\AppData\Local\Temp\bdfilters.dllC:\Users\Alex.Zeng\AppData\Local\Temp\cabex.dllC:\Users\Alex.Zeng\AppData\Local\Temp\EH.dllC:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-1.exeC:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-2.exeC:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-3.exeC:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-4.exeC:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe.exeC:\Users\Alex.Zeng\AppData\Local\Temp\i4jdel0.exeC:\Users\Alex.Zeng\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\Alex.Zeng\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exeC:\Users\Alex.Zeng\AppData\Local\Temp\JW1MC5.dllC:\Users\Alex.Zeng\AppData\Local\Temp\kzblq1nn.dllC:\Users\Alex.Zeng\AppData\Local\Temp\NGMDll.dllC:\Users\Alex.Zeng\AppData\Local\Temp\NGMResource.dllC:\Users\Alex.Zeng\AppData\Local\Temp\NGMSetup.exeC:\Users\Alex.Zeng\AppData\Local\Temp\RT.dllC:\Users\Alex.Zeng\AppData\Local\Temp\svd_dap.exeC:\Users\Alex.Zeng\AppData\Local\Temp\unelevate.exeC:\Users\Alex.Zeng\AppData\Local\Temp\unicows.dllC:\Users\Alex.Zeng\AppData\Local\Temp\vcredist_x86.exeC:\Users\Alex.Zeng\AppData\Local\Temp\xmlUpdater.exeC:\Users\Alex.Zeng\AppData\Local\Temp\_inst1.exeC:\Users\Alex.Zeng\AppData\Local\Temp\_inst2.exe ==================== Bamital & 
volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 20:12 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted August 31, 2014 ID:873417

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.
Ensure to get the correct version for your system....

32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

Kevin...

fixlist.txt
AdvancedSetup (Root Admin) Posted September 6, 2014 ID:875588

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!