Help ASAP.


Hello community, 

 

So I was just watching TV shows online, and then all of a sudden, my webcam light turned on (which means the webcam started to function). I was curious, but then ignored it for a few seconds. Not even a second or two after, this chat interface (no idea where it even originated from) just popped up, and along with it came a message and a link. The message read "Enjoying your show?", along with a link to prntscr.com. As many of you may know, Prntscr is a public free image hosting website. And sure enough, the link led me to a picture of my very own face (honestly).

 

Anyways, I panicked and then ran Malwarebytes around 10 times or so, conducting full scans. Ever since, I remain absolutely uncertain whether or not the virus has actually been removed from my computer.

 

From this experience, I'd like to know of 2 things:

  1. What is this hack? What is the function of this hack? And why has it been conducted on me?
     
  2. How can I prevent this from happening to me again in the future?

 

Many thanks for reading and understanding.


Hello.

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see the two produced logs.

 

Kevin


Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01

Ran by Administrator at 2014-08-31 19:29:26

Running from C:\Users\Administrator\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Forefront Client Security (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AS: Microsoft Forefront Client Security (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

{03534DA5-2F88-4B8E-A978-849B979E1B8F} (HKLM\...\DEC_Tux Guitar) (Version: 1.2 - DMIG)

{06003614-93D5-4792-B7FE-BED582ACB210} (HKLM\...\DEC_Student Response Network) (Version: 2.1 - DMIG)

{1882C68E-9957-4F04-9CAD-A0980E3E6699} (HKLM\...\DEC_Computrace_Agent) (Version: 8.0.898 - DMIG)

{196BB40D-1578-3D01-B289-BEFC77A11A1E} (HKLM\...\DEC_Visual_C++_Runtime_x86) (Version: 10.0.30319 - DMIG)

{23170F69-40C1-2701-0920-000001000000} (HKLM\...\DEC_7Zip) (Version: 9.20.00.0 - DMIG)

{26A24AE4-039D-4CA4-87B4-2F83216026FF} (HKLM\...\DEC_Java_Runtime_Environment_x86) (Version: 6.0.260 - DMIG)

{29ED20C9-5E15-4969-9279-25BF3727A3DA} (HKLM\...\DEC_iTunes x86) (Version: 10.5.0.142 - DMIG)

{2D64DBC2-99C8-4481-9D2A-1F8D4A245E95} (HKLM\...\DEC_Scratch) (Version: 1.4 - DMIG)

{3C3901C5-3455-3E0A-A214-0B093A5070A6} (HKLM\...\DEC_.NET_Framework) (Version: 4.030319 - DMIG)

{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7} (HKLM\...\DEC_Auto Collage) (Version: 2008 - DMIG)

{46A84694-59EC-48F0-964C-7E76E9F8A2ED} (HKLM\...\DEC_ThinkVantage Active Protection System) (Version: 1.74 - DMIG)

{4D4FC0FF-F197-401F-842E-E118F1D2647E} (HKLM\...\DEC_Forefront Client Security) (Version: 1.5.1996 - DMIG)

{53B0213C-CC0C-4340-90BF-BFC7D3FE5BB4} (HKLM\...\DEC_QuickMark) (Version: 3.8.0 - DMIG)

{6101D4B6-981F-4A4F-946A-36762CAF3120} (HKLM\...\DEC_Web_Premium) (Version: CS5.5 - DMIG)

{69CC48CF-1E31-4B04-98A1-87F9E45A13DC} (HKLM\...\DEC_EasySense Software) (Version: 2.8 - DMIG)

{6D4839CB-28B4-4070-8CA7-612CA92CA3D0} (HKLM\...\DEC_F5_Networks_VPN_Client) (Version: 6.0.3 - DMIG)

{6DD1D809-EE6F-49EE-B3A4-D406C75AEC49} (HKLM\...\DEC_Kodu Game Lab) (Version: 1.1.0 - DMIG)

{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 (HKLM\...\DEC_CD_Burner_XP) (Version: 4.3.8.2568 - DMIG)

{88C6A6D9-324C-46E8-BA87-563D14021442}_is1 (HKLM\...\DEC_ThinkVantage Communications Utility) (Version: 2.08 - DMIG)

{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} (HKLM\...\DEC_Silverlight) (Version: 4.0.60531.0 - DMIG)

{A4E43135-BBC1-433A-B04A-A8F6FF0E6E23} (HKLM\...\DEC_SMART_Education_Software_2011) (Version: 10.8 - DMIG)

{A6D95AEF-138A-4805-8AD4-84325CCD1914} (HKLM\...\DEC_Panaboard) (Version: 4.2.1 - DMIG)

{AAF4DEA2-5A69-4819-9BB2-BF3D540F9024} (HKLM\...\DEC_Premiere Elements 10) (Version: 10.0 - DMIG)

{AC76BA86-1033-F400-7760-000000000005} (HKLM\...\DEC_Acrobat Pro) (Version: 10.1.0 - DMIG)

{B7BDAF22-9647-4846-8EA9-6E0A5B785651} (HKLM\...\DEC_Flash Player) (Version: 10.3.181.14 - DMIG)

{C9E14402-3631-4182-B377-6B0DFB1C0339} (HKLM\...\DEC_QuickTime) (Version: 7.70.80.34 - DMIG)

{CC1B3119-A9DB-FE3A-805C-8A9517533E0D} (HKLM\...\DEC_Cyber Safety Help Button) (Version: 1.0.11 - DMIG)

{Combined Community Codec Pack_is1} (HKLM\...\DEC_Combined_Community_Codec_Pack) (Version: 20110703 - DMIG)

{D06D66C9-EFC7-4A13-B492-E60CCE915571} (HKLM\...\DEC_Adobe Captivate) (Version: 5.5 - DMIG)

{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} (HKLM\...\DEC_ThinkPad Hotkey Features Integration) (Version: 3.51.0000 - DMIG)

{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8} (HKLM\...\DEC_Sketchup) (Version: 3.0.4811 - DMIG)

{D35B0C7A-4545-4A98-A810-3810B3FE25E5} (HKLM\...\DEC_Blue_Coat_Client) (Version: 3.1.0 - DMIG)

{D84A070E-2A31-464A-9830-39FAB5761D62} (HKLM\...\DEC_Shockwave_Player) (Version: 11.6.0.626 - DMIG)

{DAC01CEE-5BAE-42D5-81FC-B687E84E8405} (HKLM\...\DEC_ThinkPad Power Manager) (Version: 3.62 - DMIG)

{DEC BGInfo Wallpaper} (HKLM\...\DEC_BGInfo) (Version: 4.16 - DMIG)

{DEC_URLs_x86} (HKLM\...\DEC_DEC_URLs) (Version: 2.2 - DMIG)

{Dia} (HKLM\...\DEC_Dia) (Version: 0.97.1 - DMIG)

{DirectX} (HKLM\...\DEC_DirectX) (Version: 11 - DMIG)

{FDB3B167-F4FA-461D-976F-286304A57B2A} (HKLM\...\DEC_AIR Runtime) (Version: 2.7.0.19530 - DMIG)

{WinLiveSuite} (HKLM\...\DEC_Windows_Live_Essentials) (Version: 15.4.3508.1109 - DMIG)

32 Bit HP CIO Components Installer (Version: 8.1.2 - Hewlett-Packard) Hidden

7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.0 - Adobe Systems)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)

Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden

Adobe Captivate 5.5 (HKLM\...\{7DE6CDC3-CFEE-4564-813D-3F59E5D71F10}) (Version: 5.5 - Adobe Systems Incorporated)

Adobe Captivate Quiz Results Analyzer (HKLM\...\QuizResultsAnalyzer1.5.D22673E681B55698FF9C7ED1AC2C76EECFF3CF3F.1) (Version: 1.5 - Adobe Systems Incorporated)

Adobe Captivate Quiz Results Analyzer (Version: 1.5 - Adobe Systems Incorporated) Hidden

Adobe Captivate Reviewer (HKLM\...\AdobeCaptivateReviewer2.5.D22673E681B55698FF9C7ED1AC2C76EECFF3CF3F.1) (Version: 2.5 - Adobe Systems Incorporated)

Adobe Captivate Reviewer (Version: 2.5 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)

Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden

Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)

Adobe Creative Suite 5.5 Web Premium (HKLM\...\{B4749B38-C5BD-4A02-8E9F-C1EF7CCEA651}) (Version: 5.5 - Adobe Systems Incorporated)

Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )

Adobe Flash Player 10 ActiveX (HKLM\...\{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}) (Version: 10.3.181.14 - Adobe Systems Incorporated)

Adobe Flash Player 10 Plugin (HKLM\...\{B7BDAF22-9647-4846-8EA9-6E0A5B785651}) (Version: 10.3.181.14 - Adobe Systems Incorporated)

Adobe Muse (HKLM\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.4 - Adobe Systems Incorporated)

Adobe Muse (HKLM\...\AdobeMuse) (Version: 7.4.30 - Adobe Systems Incorporated)

Adobe Muse (Version: 7.4.30 - Adobe Systems Incorporated) Hidden

Adobe Photoshop Elements 10 (HKLM\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Photoshop Elements 10 (HKLM\...\DEC_Photoshop Elements) (Version: 10.0 - DMIG)

Adobe Photoshop Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 Content (HKLM\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 10 Content (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 Content 1 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 Content 2 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 Content 3 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 HD Content 1 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 HD Content 2 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Elements 10 HD Content 3 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Presenter 7 (HKLM\...\Adobe Presenter 7) (Version: 7.0.6 - Adobe Systems)

Adobe Presenter 7 (Version: 7.0 - Adobe Systems Inc.) Hidden

Adobe Shockwave Player 11.6 (HKLM\...\{D84A070E-2A31-464A-9830-39FAB5761D62}) (Version: 11.6.0.626 - Adobe Systems, Inc)

AdobeCaptivate32 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden

Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 1.3 Beta (Unicode)_is1 (HKLM\...\DEC_Audacity) (Version: 1.3.13 - DMIG)

Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)

Axife Mouse Recorder DEMO 5.01 (HKLM\...\Axife Mouse Recorder DEMO_is1) (Version:  - Axife Software)

B991B020-2968-11D8-AF23-444553540000_is1 (HKLM\...\DEC_Freemind) (Version: 0.9.0 - DMIG)

Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)

BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CCA (HKLM\...\DEC_Colour Contrast Analyser) (Version: 2.2 - DMIG)

CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)

Celtx (2.9.1) (HKLM\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)

Celtx (2.9.1) (HKLM\...\DEC_Celtx) (Version: 2.9.1 - DMIG)

CNXT_AUDIO_HDA (HKLM\...\DEC_Conexant HD Audio) (Version: 8.32.27.0 - DMIG)

Combat Arms (HKLM\...\Combat Arms) (Version:  - )

Combined Community Codec Pack 2011-07-30 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)

Configuration Manager Client (Version: 4.00.6487.2000 - Microsoft Corporation) Hidden

Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)

Cybersafety Help Button (HKLM\...\au.gov.dbcde.cyber-safety.button) (Version: 1.0.11 - Department of Broadband, Communications and the Digital Economy)

Cybersafety Help Button (Version: 1.0.11 - Department of Broadband, Communications and the Digital Economy) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Debut_1_48 (HKLM\...\DEC_Debut) (Version: 1.48 - DMIG)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)

DET NSW - Digital Education Revolution (HKLM\...\DET_OEM_Build) (Version: S4_0_0_x86 - )

DETNSW Adobe Web Premium CS5.5 x86 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden

Dia (remove only) (HKLM\...\Dia) (Version:  - )

Digital Editions (HKLM\...\DEC_Digital_Editions) (Version: 1.7.2 - DMIG)

EasySense Software (HKLM\...\{69CC48CF-1E31-4B04-98A1-87F9E45A13DC}) (Version: 2.08.0000 - Data Harvest Group Ltd)

Elements 10 Organizer (Version: 10.0 - Adobe Systems Incorporated) Hidden

F5 Networks VPN Client for Windows (HKLM\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 60.2009.1010.0312 - F5 Networks)

Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)

Finale NotePad 2011 (HKLM\...\DEC_Finale Notepad) (Version: 2011 - DMIG)

Finale NotePad 2011 (HKLM\...\Finale NotePad 2011) (Version: 2011..r2.2 - MakeMusic)

Fraps (remove only) (HKLM\...\Fraps) (Version:  - )

FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )

FX Multi Printer Drivers x86 (HKLM\...\DEC_FX Multi Printer Drivers x86) (Version: 2.7.1.4 - DMIG)

Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)

GeoGebra (HKLM\...\DEC_GeoGebra) (Version: 3.2.46.0 - DMIG)

Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Earth (HKLM\...\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}) (Version: 6.0.3.2197 - Google)

Google Earth (HKLM\...\DEC_Earth) (Version: 6.0.3.2197 - DMIG)

Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Graphmatica (HKLM\...\{A4DBF0AF-CDA0-4F60-BEB9-0145865D9DFF}) (Version: 2.3.0.8 - kSoft)

HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)

Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)

Image Resizer for Windows (Version: 3.0.4802.35565 - Brice Lambson) Hidden

Install Merge Module for Board (Version: 1.00.0000 - Your Company Name) Hidden

Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.3.8 - Silicon Motion)

Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)

iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden

Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Java 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)

Kodu Game Lab (HKLM\...\{6DD1D809-EE6F-49EE-B3A4-D406C75AEC49}) (Version: 1.1.0 - Microsoft Research)

LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )

Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Local TCP Port Opener 1.1 (HKLM\...\Local TCP Port Opener_is1) (Version:  - Håkan Franzen)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Forefront Client Security Antimalware Service (HKLM\...\{4D4FC0FF-F197-401F-842E-E118F1D2647E}) (Version: 1.5.1996.1 - Microsoft Corporation)

Microsoft Forefront Client Security State Assessment Service (HKLM\...\{E8B56B38-A826-11DB-8C83-0011430C73A4}) (Version: 1.0.1703.0 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft Mathematics (HKLM\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)

Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Research AutoCollage 2008 Academic Edition (HKLM\...\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}) (Version: 1.01.2008 - Microsoft Research)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft Visual C# 2010 Express - ENU (HKLM\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )

Notepad++ (HKLM\...\Notepad++) (Version: 6.6.4 - Notepad++ Team)

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.41.00 - )

Panasonic elite Panaboard (HKLM\...\{A6D95AEF-138A-4805-8AD4-84325CCD1914}) (Version: 4.21.001 - Panasonic)

Panasonic elite Panaboard Ink Note Software (HKLM\...\{82410B99-F69F-4AA0-B290-3DB5350B81D4}) (Version: 1.0.0 - Panasonic)

Panasonic elite Panaboard USB Driver (HKLM\...\{996945A3-2D3B-478C-81CB-FFBDEE766DA2}) (Version: 1.03.005 - Panasonic)

PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )

PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Pen Tablet Driver (HKLM\...\DEC_Bamboo Drivers) (Version: 5.2.5 - DMIG)

PRE10STIInstaller (Version: 1.0 - Adobe Systems Incorporated) Hidden

PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden

QuickMark (HKLM\...\{53B0213C-CC0C-4340-90BF-BFC7D3FE5BB4}) (Version: 3.8.0 - SimpleAct)

QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

RuneScape Launcher 1.2.2 (HKLM\...\{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}) (Version: 1.2.2 - Jagex Ltd)

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Scratch (HKLM\...\{2D64DBC2-99C8-4481-9D2A-1F8D4A245E95}) (Version: 1.4 - MIT Media Lab Lifelong Kindergarten)

Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)

SMART Common Platform (HKLM\...\{0E5DD7A3-BE29-430C-970B-C553F4A58C39}) (Version: 10.8.159.0 - SMART Technologies ULC)

SMART Education Software 2011 (HKLM\...\{A4E43135-BBC1-433A-B04A-A8F6FF0E6E23}) (Version: 10.8.205.0 - SMART Technologies ULC)

SMART Notebook (HKLM\...\{ED0FF410-41B9-441F-B457-4AC81782E8BF}) (Version: 10.8.364.0 - SMART Technologies ULC)

SMART Product Drivers (HKLM\...\{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}) (Version: 10.8.212.0 - SMART Technologies ULC)

SRN (HKLM\...\{06003614-93D5-4792-B7FE-BED582ACB210}) (Version: 2.1 - Stuart Hasic)

Steam (HKLM\...\Steam) (Version:  - Valve Corporation)

Synthesia (HKLM\...\Synthesia) (Version: 9 - Synthesia LLC)

SynTPDeinstKey (HKLM\...\DEC_ThinkPad UltraNav Driver) (Version: 15.3.16.1 - DMIG)

ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )

ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.16.1 - )

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.08 - Lenovo)

TuxGuitar (HKLM\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)

Uninversal Printer Driver PCL5 x86 (HKLM\...\DEC_Uninversal Printer Driver PCL5 x86) (Version: 5.3.0.10527 - DMIG)

Uninversal Printer Driver PCL6 x86 (HKLM\...\DEC_Uninversal Printer Driver PCL6 x86) (Version: 5.3.0.10527 - DMIG)

Uninversal Printer Driver PS x86 (HKLM\...\DEC_Uninversal Printer Driver PS x86) (Version: 5.3.0.10527 - DMIG)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Vegas Pro 10.0 (HKLM\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)

Voxal Voice Changer (HKLM\...\Voxal) (Version: 1.03 - NCH Software)

Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)

Wacom Tablet Driver (HKLM\...\DEC_Intuos Drivers) (Version: 5.2.5 - DMIG)

WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)

WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)

WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)

Windows Driver Package - FTDI CDM Driver Package (06/28/2007 2.02.04) (HKLM\...\425CED78447CC5FFE1DC0AD9B03AB8257C4721FE) (Version: 06/28/2007 2.02.04 - FTDI)

Windows Driver Package - FTDI CDM Driver Package (06/28/2007 2.02.04) (HKLM\...\711A3E8A5AA6CD6C6C3B91CB4A926928DED722C9) (Version: 06/28/2007 2.02.04 - FTDI)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

z_Adobe Connect Add-in (HKLM\...\DEC_Connect Add-in) (Version: 9.4 r81 - DMIG)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 12:04 - 2014-05-03 17:26 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {12ADDE0D-387E-48A6-AF55-745411ABCE25} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

Task: {39174EA4-1202-4182-B5EB-3923DAFD8020} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992Core => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-12] (Facebook Inc.)

Task: {3BBB015D-513D-4323-92EF-671427CA8297} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-11-17] (Lenovo Group Limited)

Task: {4DA9C476-9636-45A4-890D-48AF858827A4} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Signature Update => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)

Task: {53CB7894-7D51-499B-AE1E-7B262FC78D31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-09] (Google Inc.)

Task: {83F5E55C-17DF-4C47-AEC3-542B7A6F93BE} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)

Task: {88A46FFC-704E-4429-B48D-1206D2EF4BA7} - System32\Tasks\{40723F92-9B7B-464B-8E1D-112D8EDE693A} => C:\Program Files\Google\Google Earth\client\googleearth.exe [2011-11-17] (Google)

Task: {8F3DCE62-4C87-46A2-BE65-21260AA31AEB} - System32\Tasks\BGInfoLIS => C:\Program Files\BGInfo\Resource\RunBGInfo.vbs [2011-11-17] ()

Task: {A7590435-DCE2-4731-AB2E-9EC92D84B4A2} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Quick Scan => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08] (Microsoft Corporation)

Task: {C6987A42-B7E7-4EA9-AF36-D1B91D667E73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-09] (Google Inc.)

Task: {C749330C-040B-43CC-AF1A-A851C8427094} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992UA => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-12] (Facebook Inc.)

Task: {E112375F-C175-4875-A2B9-BC47134857CB} - System32\Tasks\GPO Script Assistance => C:\Windows\DET\L4L_STARTUP_CHECK.vbs [2009-07-15] ()

Task: {F56B585B-FC6F-4921-8A8B-29F035C3CB43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-25] (Piriform Ltd)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992Core.job => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992UA.job => C:\Users\Alex.Zeng\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-11-17 10:31 - 2011-11-17 10:30 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll

2011-11-17 10:32 - 2011-11-17 10:32 - 00962936 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll

2014-05-23 02:10 - 2014-05-23 02:10 - 00693920 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2011-11-17 10:38 - 2011-11-17 10:38 - 00044544 _____ () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL

2011-11-17 09:36 - 2011-11-17 09:35 - 00393216 _____ () C:\Windows\SMIKsLIB.dll

2011-11-17 09:36 - 2011-11-17 09:35 - 00274432 _____ () C:\Windows\system32\370prop.ax

2011-11-17 10:33 - 2011-11-17 10:33 - 00066856 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll

2012-05-01 12:02 - 2010-10-26 12:39 - 00049568 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

2011-11-17 09:36 - 2011-11-17 09:35 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

2014-05-26 05:52 - 2014-05-26 05:52 - 32733088 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll

2014-08-30 15:44 - 2014-08-30 15:44 - 00297984 ____H () C:\Users\Administrator\AppData\Local\Temp\Google\update.exe

2014-05-23 02:10 - 2014-05-23 02:10 - 05341856 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2014-05-12 22:22 - 2014-05-12 22:22 - 02217128 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll

2014-08-16 09:47 - 2014-08-07 13:20 - 00718152 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

2014-08-16 09:47 - 2014-08-07 13:20 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll

2014-08-16 09:47 - 2014-08-07 13:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-16 09:47 - 2014-08-07 13:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-16 09:47 - 2014-08-07 13:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FCSAM => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10499

 

Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10499

 

Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9501

 

Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9501

 

Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8456

 

Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8456

 

Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/31/2014 04:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7457

 

 

System errors:

=============

Error: (08/31/2014 05:41:55 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/31/2014 05:36:08 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/31/2014 04:18:30 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (08/31/2014 04:10:43 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/31/2014 04:10:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (08/31/2014 04:08:23 PM) (Source: FcsSas) (EventID: 10006) (User: )

Description: Forefront Client Security State Assessment Service policy applied with errors.

 

Reverted to the following settings:

 

Schedule Type: Interval

Time: 12

Parameter:

 

Error: (08/31/2014 04:03:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

cdrom

 

Error: (08/31/2014 04:03:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The BlueStacks Android Service service terminated with the following error: 

%%1064

 

Error: (08/31/2014 04:03:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 

a) Name Resolution failure on the current domain controller. 

b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

 

Error: (08/31/2014 04:03:13 PM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain

controller in domain DETNSW due to the following: 

%%1311

 

This may lead to authentication problems. Make sure that this

computer is connected to the network. If the problem persists,

please contact your domain administrator.

 

 

 

ADDITIONAL INFO

 

If this computer is a domain controller for the specified domain, it

sets up the secure session to the primary domain controller emulator in the specified

domain. Otherwise, this computer sets up the secure session to any domain controller

in the specified domain.

 

 

Microsoft Office Sessions:

=========================

Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10499

 

Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10499

 

Error: (08/31/2014 04:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9501

 

Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9501

 

Error: (08/31/2014 04:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8456

 

Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8456

 

Error: (08/31/2014 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/31/2014 04:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7457

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU 857 @ 1.20GHz

Percentage of memory in use: 71%

Total physical RAM: 2987.9 MB

Available physical RAM: 849.22 MB

Total Pagefile: 5974.09 MB

Available Pagefile: 3278.25 MB

Total Virtual: 2047.88 MB

Available Virtual: 1884.48 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:298.09 GB) (Free:67.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1037376E)

Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01

Ran by Administrator (administrator) on SA428867866 on 31-08-2014 19:27:56

Running from C:\Users\Administrator\Downloads

Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe

(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Windows\System32\CCM\CcmExec.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

(Silicon Motion) C:\Windows\SMIKsSTI.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe

(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\elite Panaboard\EPBCONCT.exe

(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\elite Panaboard\EPBPenC.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\elite Panaboard\EPBStylus.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

() C:\Users\Administrator\AppData\Local\Temp\Google\update.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [sMI_SSE_V5] => C:\Windows\SMIKsSTI.EXE [212992 2011-11-17] (Silicon Motion)

HKLM\...\Run: [DETBGInfo] => wscript.exe "C:\Program Files\BGInfo\Resource\RunBGInfo.vbs" /WallPaper

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2282792 2011-11-17] (Synaptics Incorporated)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [42344 2011-07-22] (Lenovo Group Limited)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2011-01-14] (Lenovo.)

HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [AdobeConnectProAddIns] => C:\Program Files\Adobe\Acrobat Connect Pro Add In Checker\runaddinchecker.vbs [186 2011-11-17] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-07] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-06-07] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2903448 2011-06-07] (Adobe Systems Inc.)

HKLM\...\Run: [sMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1761136 2011-07-13] (SMART Technologies)

HKLM\...\Run: [EPBConnect] => C:\Program Files\Panasonic\elite Panaboard\EPBCONCT.exe [425984 2011-06-16] (Panasonic System Networks Co., Ltd.)

HKLM\...\Run: [EPBPenC] => C:\Program Files\Panasonic\elite Panaboard\EPBPenC.exe [352256 2011-06-13] (Panasonic System Networks Co., Ltd.)

HKLM\...\Run: [EPBPreLoader] => C:\Program Files\Panasonic\elite Panaboard\elite Panaboard software\PreLoader.exe [14848 2011-04-27] (Panasonic System Networks Co., Ltd.)

HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1033600 2011-02-02] (Microsoft Corporation)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49568 2010-10-26] ()

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM\...\Run: [blueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)

HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKU\S-1-5-21-2848396421-790072867-494017664-500\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2848396421-790072867-494017664-500\...\Run: [pWtnCEiC6c] => C:\Users\Administrator\AppData\Roaming\YBtpCGXR\MpmZmiu.exe [297984 2014-08-30] ()

HKU\S-1-5-21-2848396421-790072867-494017664-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Temp\Google\update.exe [297984 2014-08-30] () <===== ATTENTION

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Alex.Zeng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.det.nsw.edu.au

SearchScopes: HKLM - DefaultScope {EBC5FDD5-D30D-46DC-B513-B4F4167EEAF6} URL = http://www.google.com.au/search?q={searchTerms}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {EBC5FDD5-D30D-46DC-B513-B4F4167EEAF6} URL = http://www.google.com.au/search?q={searchTerms}

SearchScopes: HKCU - DefaultScope {EBC5FDD5-D30D-46DC-B513-B4F4167EEAF6} URL = 

BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab

DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab

DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} file://C:/Program Files/F5 VPN/F5_TMP/ur5250x.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab

DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-11-17]

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-17]

 

Chrome: 

=======

CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-09]

CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-20]

CHR Extension: (GeoGebra) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-02-04]

CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-19]

CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-09]

CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-19]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)

R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)

R2 FCSAM; C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16896 2011-01-08] (Microsoft Corporation)

R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [73120 2007-04-06] (Microsoft Corporation)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-11-17] (Macrovision Europe Ltd.) [File not signed]

R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [41832 2011-07-22] (Lenovo Group Limited)

R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-11-17] (Lenovo Group Limited)

R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [60264 2011-07-22] (Lenovo Group Limited)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2011-11-17] (Lenovo Group Limited)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]

R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-11-17] (Lenovo Group Limited)

R2 Rpcnet; C:\Windows\system32\rpcnet.exe [69792 2013-05-22] (Absolute Software Corp.)

R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2011-01-07] (Conexant Systems, Inc.)

S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [5429624 2011-11-17] (Wacom Technology, Corp.)

R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-11-17] (Lenovo Group Limited)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2699264 2011-11-17] (Broadcom Corporation)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-01] (BlueStack Systems)

S3 epbkmdf; C:\Windows\system32\drivers\epbkmdf.sys [12424 2011-02-22] (Panasonic System Networks Co., Ltd.)

S3 epbmtusb; C:\Windows\system32\drivers\epbmtusb.sys [83592 2011-02-22] (Panasonic System Networks Co., Ltd.)

S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)

S3 hidkmdf; C:\Windows\system32\drivers\hidkmdf.sys [9712 2011-07-13] (Windows ® Win 7 DDK provider)

R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-11-17] (Atheros Communications, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-31] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-11-17] (Intel Corporation)

R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [71296 2011-02-02] (Microsoft Corporation)

S3 NWLowRider; C:\Windows\system32\drivers\NWLowRider.sys [22768 2011-07-13] ()

S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)

S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [253544 2011-11-17] (Realtek Semiconductor Corp.)

R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2011-07-13] (SMART Technologies ULC)

R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2011-07-13] (SMART Technologies ULC)

R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2011-07-13] (SMART Technologies ULC)

S3 STI2303X; C:\Windows\System32\Drivers\STI2303X.sys [19440 2011-07-13] (Prolific Technology Inc.)

R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [185216 2011-11-17] (SMI)

R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx86.sys [45264 2014-06-28] ()

S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-31 19:27 - 2014-08-31 19:28 - 00027109 _____ () C:\Users\Administrator\Downloads\FRST.txt

2014-08-31 19:27 - 2014-08-31 19:28 - 00000000 ____D () C:\FRST

2014-08-31 19:27 - 2014-08-31 19:27 - 01095680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe

2014-08-31 15:24 - 2014-08-31 16:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-31 15:24 - 2014-08-31 15:24 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-31 15:24 - 2014-08-31 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-31 15:23 - 2014-08-31 15:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-31 15:23 - 2014-08-31 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-31 15:23 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-31 15:23 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-31 15:23 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-31 15:21 - 2014-08-31 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-31 14:55 - 2014-06-25 11:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.Kratos_498

2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\.paradox_store_32

2014-08-30 15:56 - 2014-08-30 15:57 - 01136385 _____ () C:\Users\Administrator\Downloads\kratos-gamepack.jar

2014-08-30 15:56 - 2014-08-30 15:57 - 00909920 _____ () C:\Users\Administrator\Downloads\client (6).jar

2014-08-30 15:44 - 2014-08-30 15:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\YBtpCGXR

2014-08-30 15:43 - 2014-08-30 15:47 - 00000000 ____D () C:\Users\Administrator\.allstarlegends

2014-08-30 15:43 - 2014-08-30 15:43 - 00413797 _____ () C:\Users\Administrator\Downloads\AllstarLegends.jar

2014-08-29 19:06 - 2014-08-29 19:06 - 00000000 ____D () C:\Users\Administrator\LletyaV4

2014-08-29 19:05 - 2014-08-29 19:05 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (3).jar

2014-08-29 18:12 - 2014-08-29 18:22 - 00000024 _____ () C:\Users\Alex.Zeng\random.dat

2014-08-29 18:12 - 2014-08-29 18:12 - 00000048 _____ () C:\Users\Alex.Zeng\jagex_cl_runescape_LIVE.dat

2014-08-28 19:40 - 2014-08-28 19:40 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592 (1).jar

2014-08-28 19:12 - 2014-08-28 19:17 - 21075147 _____ () C:\Users\Administrator\Downloads\h_basenames_1805372.csv

2014-08-27 18:40 - 2014-08-27 18:41 - 02677406 _____ () C:\Users\Administrator\Downloads\smf_2-0-8_install.zip

2014-08-25 08:51 - 2014-08-25 08:51 - 00074240 _____ () C:\Users\Alex.Zeng\Downloads\Exodus-Wear-Sizing-&-Names final.xls

2014-08-24 20:10 - 2014-08-24 20:10 - 00074240 _____ () C:\Users\Administrator\Downloads\Exodus-Wear-Sizing-&-Names final.xls

2014-08-23 17:32 - 2014-08-23 18:00 - 00000000 ____D () C:\Users\Administrator\.unlimitedrsps592

2014-08-23 17:32 - 2014-08-23 17:32 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592.jar

2014-08-20 15:20 - 2014-08-20 15:20 - 00793823 _____ () C:\Users\Administrator\Downloads\JR_Term2_19962001_2U.zip

2014-08-19 16:58 - 2014-08-19 17:00 - 00000000 ____D () C:\Users\Administrator\Desktop\2u papers

2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\Users\Administrator\Desktop\Mathematics

2014-08-16 20:01 - 2014-08-16 20:01 - 00256714 _____ () C:\Users\Administrator\Downloads\LletyaV3.jar

2014-08-16 19:58 - 2014-08-16 19:58 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (2).jar

2014-08-16 19:43 - 2014-08-16 19:43 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce (1).zip

2014-08-16 14:03 - 2014-08-16 14:04 - 00000000 ____D () C:\Users\Administrator\Feather_Cache1

2014-08-16 13:57 - 2014-08-16 13:58 - 00000000 ____D () C:\Users\Administrator\Desktop\Official Feather Client

2014-08-16 13:55 - 2014-08-16 13:56 - 07440401 _____ () C:\Users\Administrator\Downloads\Official Feather Client.zip

2014-08-16 13:54 - 2014-08-16 13:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Pure 667 Feather Server

2014-08-16 13:53 - 2014-08-16 13:51 - 443929064 _____ () C:\Users\Administrator\Desktop\Pure 667 Feather Server.zip

2014-08-16 13:50 - 2014-08-16 13:51 - 443929064 _____ () C:\Users\Administrator\Downloads\Pure 667 Feather Server.zip

2014-08-16 11:29 - 2014-08-16 11:30 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (8).jar

2014-08-14 20:14 - 2014-08-14 20:16 - 06270240 _____ () C:\Users\Alex.Zeng\Downloads\Senior Geography Project.zip

2014-08-14 20:05 - 2014-08-21 12:21 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Senior Geography Project Year 11 2014 by Alex Zeng

2014-08-14 19:07 - 2014-08-14 19:09 - 06270240 _____ () C:\Users\Administrator\Downloads\Senior Geography Project.zip

2014-08-11 18:42 - 2014-08-11 18:42 - 02962875 _____ () C:\Users\Administrator\Downloads\PkHonor.jar

2014-08-11 18:42 - 2014-08-11 18:42 - 00000000 ____D () C:\Users\Administrator\PkHonor

2014-08-10 10:55 - 2014-08-10 10:53 - 01826598 _____ () C:\Users\Administrator\Desktop\LaunchLletya (1).jar

2014-08-10 10:53 - 2014-08-10 10:53 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (1).jar

2014-08-09 16:39 - 2014-08-09 16:41 - 00000000 ____D () C:\Users\Administrator\.ss2

2014-08-09 16:39 - 2014-08-09 16:39 - 00018163 _____ () C:\Users\Administrator\Downloads\Soulsplit (1).jar

2014-08-09 16:28 - 2014-08-09 16:28 - 00000000 ____D () C:\Users\Administrator\Entrana

2014-08-09 16:27 - 2014-08-09 16:27 - 00012701 _____ () C:\Users\Administrator\Downloads\Entrana Updater.jar

2014-08-09 16:27 - 2014-08-09 16:27 - 00000000 ____D () C:\Users\Administrator\EntranaLoader

2014-08-09 15:23 - 2014-08-09 15:24 - 00000000 ____D () C:\Users\Administrator\Extinction1

2014-08-09 15:19 - 2014-08-09 15:21 - 00000000 ____D () C:\Users\Administrator\Desktop\The Poanizer Project Source

2014-08-09 15:14 - 2014-08-09 15:15 - 488648522 _____ () C:\Users\Administrator\Downloads\The Poanizer Project Source.zip

2014-08-09 14:38 - 2014-08-16 09:47 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-09 14:38 - 2014-08-09 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-08-09 14:35 - 2014-08-31 18:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-09 14:35 - 2014-08-31 16:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-09 14:34 - 2014-08-09 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment

2014-08-09 14:34 - 2014-08-09 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0

2014-08-09 13:47 - 2014-08-29 19:06 - 00247025 _____ () C:\Users\Administrator\LletyaV3.jar

2014-08-09 13:47 - 2014-08-09 13:47 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya.jar

2014-08-09 13:46 - 2014-08-16 19:58 - 00000000 ____D () C:\Users\Administrator\LletyaV3

2014-08-09 10:30 - 2014-08-09 10:30 - 00000000 ____D () C:\Users\Administrator\Desktop\client (1)

2014-08-09 10:16 - 2014-08-09 10:24 - 95635624 _____ () C:\Users\Administrator\Desktop\client (1).rar

2014-08-09 09:38 - 2014-08-09 09:38 - 00552377 _____ () C:\Users\Administrator\Downloads\client (5).jar

2014-08-09 09:18 - 2014-08-09 09:18 - 00000000 ____D () C:\Users\Administrator\.ikov_cache

2014-08-09 09:17 - 2014-08-09 09:18 - 00552377 _____ () C:\Users\Administrator\Downloads\client (4).jar

2014-08-09 09:08 - 2014-08-09 09:08 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (7).jar

2014-08-08 17:00 - 2014-08-08 17:01 - 00000000 ____D () C:\Users\Alex.Zeng\.ss2

2014-08-08 17:00 - 2014-08-08 17:00 - 00018163 _____ () C:\Users\Alex.Zeng\Downloads\Soulsplit.jar

2014-08-08 16:48 - 2014-08-08 16:55 - 67778850 _____ () C:\Users\Alex.Zeng\Downloads\Electric Dance Off.mp4

2014-08-07 20:33 - 2014-08-07 20:33 - 00000000 ____D () C:\Users\Administrator\Documents\PCSX2

2014-08-07 20:29 - 2014-08-07 20:29 - 00001927 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Windows\system32\directx

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Program Files\PCSX2 1.2.1

2014-08-07 19:52 - 2014-08-07 19:57 - 10658408 _____ () C:\Users\Administrator\Downloads\pcsx2-1.2.1-r5875-setup.exe

2014-08-07 11:00 - 2014-08-07 11:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-06 15:14 - 2014-06-23 16:30 - 734281728 _____ () C:\Users\Administrator\Desktop\The Usual Suspects[1995]DvDrip[Eng]-Stealthmaster.avi

2014-08-06 15:12 - 2014-04-11 18:04 - 1465785852 ____R () C:\Users\Administrator\Desktop\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi

2014-08-06 15:11 - 2014-08-08 22:54 - 00000000 ____D () C:\Users\Administrator\Desktop\The Truman Show (1998)

2014-08-06 15:11 - 2014-08-04 18:04 - 734734302 _____ () C:\Users\Administrator\Desktop\22.Jump.Street.2014.TS.XviD-SUMO.avi

2014-08-06 15:08 - 2014-08-09 09:19 - 00000000 ____D () C:\Users\Administrator\Desktop\The Monuments Men (2014) [1080p]

2014-08-06 15:06 - 2014-08-06 15:08 - 00000000 ____D () C:\Users\Administrator\Desktop\The Amazing Spiderman (2012) [1080p]

2014-08-06 15:06 - 2014-08-06 15:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Imagine Dragons - Night Visions (Deluxe Version) 2013 Indie Rock 320kbps CBR MP3 [VX] [P2PDL]

2014-08-05 11:09 - 2014-06-18 11:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-08-05 11:09 - 2014-06-18 10:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-05 11:09 - 2014-06-07 10:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-05 11:09 - 2014-06-07 09:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-05 11:09 - 2014-06-07 09:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-05 11:09 - 2014-06-07 09:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-05 11:09 - 2014-06-07 09:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-05 11:09 - 2014-06-07 09:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-05 11:09 - 2014-06-07 09:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-05 11:09 - 2014-06-07 08:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-05 11:09 - 2014-06-07 08:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-05 11:09 - 2014-06-07 08:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-05 11:09 - 2014-06-07 08:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-05 11:09 - 2014-06-07 08:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-05 11:09 - 2014-06-07 08:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-05 11:09 - 2014-06-07 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-05 11:09 - 2014-06-07 08:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-05 11:09 - 2014-06-07 08:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-05 11:09 - 2014-06-07 08:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-05 11:09 - 2014-06-07 08:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-05 11:09 - 2014-06-07 08:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-05 11:09 - 2014-06-07 08:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-05 11:09 - 2014-06-07 08:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-05 11:08 - 2014-06-06 19:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-08-05 11:08 - 2014-05-30 16:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-08-05 11:02 - 2014-05-30 17:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-08-05 11:02 - 2014-05-30 17:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-08-05 11:02 - 2014-05-30 17:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-08-05 11:02 - 2014-05-30 17:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-08-05 11:02 - 2014-05-30 17:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-08-05 11:02 - 2014-05-30 17:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-08-05 11:02 - 2014-05-30 17:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-08-05 11:01 - 2014-06-30 11:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-05 11:01 - 2014-06-30 11:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-05 11:00 - 2014-06-06 00:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-08-04 17:29 - 2014-08-04 17:29 - 00000000 ____D () C:\Users\Alex.Zeng\PkHonor

2014-08-04 17:24 - 2014-08-04 17:28 - 02962875 _____ () C:\Users\Alex.Zeng\Downloads\PkHonor.jar

2014-08-03 10:06 - 2014-08-03 10:06 - 00000014 _____ () C:\Users\Administrator\uid.dat

2014-08-03 09:59 - 2014-08-03 10:37 - 00000000 ____D () C:\Users\Administrator\.ultimatescape

2014-08-03 09:57 - 2014-08-03 09:57 - 00010342 _____ () C:\Users\Administrator\Downloads\US2Launcher.jar

2014-08-02 14:59 - 2014-08-02 15:00 - 00000000 ____D () C:\Users\Administrator\2006-Memorys

2014-08-02 14:59 - 2014-08-02 14:59 - 00322132 _____ () C:\Users\Administrator\Downloads\client (3).jar

2014-08-02 14:48 - 2014-08-02 14:48 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (6).jar

2014-08-02 13:43 - 2014-08-02 13:43 - 00000000 _____ () C:\Windows\system32\npcs.txt

2014-08-02 13:35 - 2014-08-02 13:43 - 00000000 ____D () C:\Users\Administrator\enchanta_data2

2014-08-02 13:35 - 2014-08-02 13:35 - 00000000 ____D () C:\Windows\.wms32_32

2014-08-02 13:34 - 2014-08-02 13:34 - 00009355 _____ () C:\Users\Administrator\Downloads\client (2).zip

2014-08-02 09:12 - 2014-08-02 09:14 - 00000000 ____D () C:\Users\Administrator\.allgofree

2014-08-02 09:12 - 2014-08-02 09:12 - 00000000 ____D () C:\Users\Administrator\Desktop\RuneRebels

2014-08-02 09:06 - 2014-08-02 09:06 - 00075144 _____ () C:\Users\Administrator\Downloads\RuneRebels (1).zip

2014-08-02 09:03 - 2014-08-02 09:09 - 00000000 ____D () C:\Users\Administrator\runeprojectv4cache

2014-08-02 09:03 - 2014-08-02 09:03 - 00251540 _____ () C:\Users\Administrator\RuneProjectLoading.jar

2014-08-02 09:03 - 2014-08-02 09:03 - 00030330 _____ () C:\Users\Administrator\Downloads\RuneProjectLoader.jar

2014-08-02 09:03 - 2014-08-02 09:03 - 00000004 _____ () C:\Users\Administrator\clientvers.dat

2014-08-02 08:55 - 2014-08-02 08:55 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce.zip

2014-08-01 18:11 - 2014-08-01 18:16 - 00000053 _____ () C:\Users\Administrator\athens_cl_athens_LIVE.dat

2014-08-01 18:11 - 2014-08-01 18:11 - 00000000 ____D () C:\Users\Administrator\athenian.cache

2014-08-01 18:09 - 2014-08-01 18:09 - 03126000 _____ () C:\Users\Administrator\Downloads\Athens.jar

2014-08-01 12:16 - 2014-08-01 12:16 - 04202496 _____ () C:\Users\Administrator\Desktop\ksdlfhsaidufiousad.pub

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-31 19:28 - 2014-08-31 19:27 - 00027109 _____ () C:\Users\Administrator\Downloads\FRST.txt

2014-08-31 19:28 - 2014-08-31 19:27 - 00000000 ____D () C:\FRST

2014-08-31 19:27 - 2014-08-31 19:27 - 01095680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe

2014-08-31 19:09 - 2012-04-27 07:51 - 01198953 _____ () C:\Windows\WindowsUpdate.log

2014-08-31 18:40 - 2014-08-09 14:35 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-31 18:05 - 2013-04-12 18:00 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992UA.job

2014-08-31 18:05 - 2013-04-12 18:00 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2977299124-1876462163-2290217735-882992Core.job

2014-08-31 17:30 - 2012-04-27 07:48 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe

2014-08-31 16:18 - 2009-07-14 14:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-31 16:18 - 2009-07-14 14:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-31 16:07 - 2011-11-17 10:11 - 00000461 _____ () C:\Windows\SMSCFG.INI

2014-08-31 16:05 - 2014-08-31 15:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-31 16:04 - 2014-08-09 14:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-31 16:03 - 2014-01-29 10:45 - 00009014 _____ () C:\Windows\setupact.log

2014-08-31 16:03 - 2011-11-17 13:23 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll

2014-08-31 16:03 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-31 16:02 - 2014-05-05 17:28 - 00037188 _____ () C:\Windows\PFRO.log

2014-08-31 16:02 - 2009-07-14 14:52 - 00000000 ____D () C:\Windows\addins

2014-08-31 15:24 - 2014-08-31 15:24 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-31 15:24 - 2014-08-31 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-31 15:24 - 2014-08-31 15:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-31 15:23 - 2014-08-31 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-31 15:23 - 2014-08-31 15:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-31 15:00 - 2012-08-27 09:21 - 00000123 __RSH () C:\ProgramData\3002.xml

2014-08-31 14:49 - 2010-11-21 07:01 - 00006388 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-30 17:26 - 2013-10-29 15:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype

2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.Kratos_498

2014-08-30 15:57 - 2014-08-30 15:57 - 00000000 ____D () C:\Users\Administrator\.paradox_store_32

2014-08-30 15:57 - 2014-08-30 15:56 - 01136385 _____ () C:\Users\Administrator\Downloads\kratos-gamepack.jar

2014-08-30 15:57 - 2014-08-30 15:56 - 00909920 _____ () C:\Users\Administrator\Downloads\client (6).jar

2014-08-30 15:57 - 2012-10-09 15:54 - 00000000 ____D () C:\Users\Administrator

2014-08-30 15:47 - 2014-08-30 15:43 - 00000000 ____D () C:\Users\Administrator\.allstarlegends

2014-08-30 15:44 - 2014-08-30 15:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\YBtpCGXR

2014-08-30 15:43 - 2014-08-30 15:43 - 00413797 _____ () C:\Users\Administrator\Downloads\AllstarLegends.jar

2014-08-29 19:22 - 2012-10-09 15:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity

2014-08-29 19:06 - 2014-08-29 19:06 - 00000000 ____D () C:\Users\Administrator\LletyaV4

2014-08-29 19:06 - 2014-08-09 13:47 - 00247025 _____ () C:\Users\Administrator\LletyaV3.jar

2014-08-29 19:05 - 2014-08-29 19:05 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (3).jar

2014-08-29 18:22 - 2014-08-29 18:12 - 00000024 _____ () C:\Users\Alex.Zeng\random.dat

2014-08-29 18:12 - 2014-08-29 18:12 - 00000048 _____ () C:\Users\Alex.Zeng\jagex_cl_runescape_LIVE.dat

2014-08-29 18:12 - 2012-05-01 07:42 - 00000000 ____D () C:\Users\Alex.Zeng

2014-08-29 13:04 - 2012-04-27 09:16 - 00000000 ___HD () C:\Windows\DET

2014-08-29 12:01 - 2012-04-27 09:06 - 00001984 _____ () C:\Windows\system32\config\netlogon.ftl

2014-08-28 19:42 - 2014-01-07 18:06 - 00000046 _____ () C:\Users\Administrator\jagex_Runescape_preferences.dat

2014-08-28 19:40 - 2014-08-28 19:40 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592 (1).jar

2014-08-28 19:17 - 2014-08-28 19:12 - 21075147 _____ () C:\Users\Administrator\Downloads\h_basenames_1805372.csv

2014-08-27 18:41 - 2014-08-27 18:40 - 02677406 _____ () C:\Users\Administrator\Downloads\smf_2-0-8_install.zip

2014-08-27 09:15 - 2012-04-27 09:16 - 00199716 __RSH () C:\ProgramData\ntuser.pol

2014-08-25 08:51 - 2014-08-25 08:51 - 00074240 _____ () C:\Users\Alex.Zeng\Downloads\Exodus-Wear-Sizing-&-Names final.xls

2014-08-24 20:10 - 2014-08-24 20:10 - 00074240 _____ () C:\Users\Administrator\Downloads\Exodus-Wear-Sizing-&-Names final.xls

2014-08-23 18:00 - 2014-08-23 17:32 - 00000000 ____D () C:\Users\Administrator\.unlimitedrsps592

2014-08-23 17:32 - 2014-08-23 17:32 - 00056785 _____ () C:\Users\Administrator\Downloads\launcher592.jar

2014-08-22 15:46 - 2013-10-29 20:27 - 00000000 ____D () C:\Users\Alex.Zeng\AppData\Roaming\Skype

2014-08-22 15:34 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-21 12:21 - 2014-08-14 20:05 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Senior Geography Project Year 11 2014 by Alex Zeng

2014-08-20 15:20 - 2014-08-20 15:20 - 00793823 _____ () C:\Users\Administrator\Downloads\JR_Term2_19962001_2U.zip

2014-08-19 17:00 - 2014-08-19 16:58 - 00000000 ____D () C:\Users\Administrator\Desktop\2u papers

2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\Users\Administrator\Desktop\Mathematics

2014-08-16 20:01 - 2014-08-16 20:01 - 00256714 _____ () C:\Users\Administrator\Downloads\LletyaV3.jar

2014-08-16 19:58 - 2014-08-16 19:58 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (2).jar

2014-08-16 19:58 - 2014-08-09 13:46 - 00000000 ____D () C:\Users\Administrator\LletyaV3

2014-08-16 19:50 - 2013-10-29 17:21 - 00000052 _____ () C:\Users\Administrator\jagex_cl_oldschool_LIVE.dat

2014-08-16 19:48 - 2014-07-25 16:57 - 00000000 ____D () C:\Users\Administrator\Desktop\Xenorune client

2014-08-16 19:43 - 2014-08-16 19:43 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce (1).zip

2014-08-16 14:04 - 2014-08-16 14:03 - 00000000 ____D () C:\Users\Administrator\Feather_Cache1

2014-08-16 13:58 - 2014-08-16 13:57 - 00000000 ____D () C:\Users\Administrator\Desktop\Official Feather Client

2014-08-16 13:56 - 2014-08-16 13:55 - 07440401 _____ () C:\Users\Administrator\Downloads\Official Feather Client.zip

2014-08-16 13:54 - 2014-08-16 13:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Pure 667 Feather Server

2014-08-16 13:51 - 2014-08-16 13:53 - 443929064 _____ () C:\Users\Administrator\Desktop\Pure 667 Feather Server.zip

2014-08-16 13:51 - 2014-08-16 13:50 - 443929064 _____ () C:\Users\Administrator\Downloads\Pure 667 Feather Server.zip

2014-08-16 11:30 - 2014-08-16 11:29 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (8).jar

2014-08-16 11:30 - 2014-05-24 12:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.arios_498

2014-08-16 09:50 - 2012-12-26 12:40 - 00000052 _____ () C:\Users\Administrator\jagex_cl_runescape_LIVE.dat

2014-08-16 09:47 - 2014-08-09 14:38 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-15 17:10 - 2012-05-01 07:45 - 00000000 ____D () C:\Users\Alex.Zeng\AppData\Roaming\Audacity

2014-08-14 20:16 - 2014-08-14 20:14 - 06270240 _____ () C:\Users\Alex.Zeng\Downloads\Senior Geography Project.zip

2014-08-14 19:09 - 2014-08-14 19:07 - 06270240 _____ () C:\Users\Administrator\Downloads\Senior Geography Project.zip

2014-08-13 18:49 - 2014-06-07 11:53 - 00000000 ____D () C:\Program Files\Steam

2014-08-11 18:42 - 2014-08-11 18:42 - 02962875 _____ () C:\Users\Administrator\Downloads\PkHonor.jar

2014-08-11 18:42 - 2014-08-11 18:42 - 00000000 ____D () C:\Users\Administrator\PkHonor

2014-08-11 12:05 - 2014-07-21 10:25 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Cache Files

2014-08-10 10:53 - 2014-08-10 10:55 - 01826598 _____ () C:\Users\Administrator\Desktop\LaunchLletya (1).jar

2014-08-10 10:53 - 2014-08-10 10:53 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya (1).jar

2014-08-09 16:41 - 2014-08-09 16:39 - 00000000 ____D () C:\Users\Administrator\.ss2

2014-08-09 16:39 - 2014-08-09 16:39 - 00018163 _____ () C:\Users\Administrator\Downloads\Soulsplit (1).jar

2014-08-09 16:28 - 2014-08-09 16:28 - 00000000 ____D () C:\Users\Administrator\Entrana

2014-08-09 16:27 - 2014-08-09 16:27 - 00012701 _____ () C:\Users\Administrator\Downloads\Entrana Updater.jar

2014-08-09 16:27 - 2014-08-09 16:27 - 00000000 ____D () C:\Users\Administrator\EntranaLoader

2014-08-09 15:24 - 2014-08-09 15:23 - 00000000 ____D () C:\Users\Administrator\Extinction1

2014-08-09 15:21 - 2014-08-09 15:19 - 00000000 ____D () C:\Users\Administrator\Desktop\The Poanizer Project Source

2014-08-09 15:15 - 2014-08-09 15:14 - 488648522 _____ () C:\Users\Administrator\Downloads\The Poanizer Project Source.zip

2014-08-09 14:38 - 2014-08-09 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-08-09 14:38 - 2011-11-17 12:59 - 00000000 ____D () C:\Program Files\Google

2014-08-09 14:35 - 2014-08-09 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment

2014-08-09 14:34 - 2014-08-09 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0

2014-08-09 13:47 - 2014-08-09 13:47 - 01826598 _____ () C:\Users\Administrator\Downloads\LaunchLletya.jar

2014-08-09 10:30 - 2014-08-09 10:30 - 00000000 ____D () C:\Users\Administrator\Desktop\client (1)

2014-08-09 10:24 - 2014-08-09 10:16 - 95635624 _____ () C:\Users\Administrator\Desktop\client (1).rar

2014-08-09 09:38 - 2014-08-09 09:38 - 00552377 _____ () C:\Users\Administrator\Downloads\client (5).jar

2014-08-09 09:19 - 2014-08-06 15:08 - 00000000 ____D () C:\Users\Administrator\Desktop\The Monuments Men (2014) [1080p]

2014-08-09 09:18 - 2014-08-09 09:18 - 00000000 ____D () C:\Users\Administrator\.ikov_cache

2014-08-09 09:18 - 2014-08-09 09:17 - 00552377 _____ () C:\Users\Administrator\Downloads\client (4).jar

2014-08-09 09:08 - 2014-08-09 09:08 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (7).jar

2014-08-08 22:54 - 2014-08-06 15:11 - 00000000 ____D () C:\Users\Administrator\Desktop\The Truman Show (1998)

2014-08-08 17:01 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Alex.Zeng\.ss2

2014-08-08 17:00 - 2014-08-08 17:00 - 00018163 _____ () C:\Users\Alex.Zeng\Downloads\Soulsplit.jar

2014-08-08 16:55 - 2014-08-08 16:48 - 67778850 _____ () C:\Users\Alex.Zeng\Downloads\Electric Dance Off.mp4

2014-08-08 12:25 - 2010-11-21 10:31 - 00000000 ____D () C:\Program Files\Windows Journal

2014-08-07 21:31 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\rescache

2014-08-07 20:33 - 2014-08-07 20:33 - 00000000 ____D () C:\Users\Administrator\Documents\PCSX2

2014-08-07 20:29 - 2014-08-07 20:29 - 00001927 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Windows\system32\directx

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2

2014-08-07 20:29 - 2014-08-07 20:29 - 00000000 ____D () C:\Program Files\PCSX2 1.2.1

2014-08-07 20:29 - 2014-02-22 17:58 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-07 19:57 - 2014-08-07 19:52 - 10658408 _____ () C:\Users\Administrator\Downloads\pcsx2-1.2.1-r5875-setup.exe

2014-08-07 13:55 - 2014-07-21 11:42 - 00000000 ____D () C:\Users\Alex.Zeng\Desktop\Maths in Focus

2014-08-07 11:06 - 2009-07-14 14:33 - 03805912 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-07 11:00 - 2014-08-07 11:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-06 15:08 - 2014-08-06 15:06 - 00000000 ____D () C:\Users\Administrator\Desktop\The Amazing Spiderman (2012) [1080p]

2014-08-06 15:06 - 2014-08-06 15:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Imagine Dragons - Night Visions (Deluxe Version) 2013 Indie Rock 320kbps CBR MP3 [VX] [P2PDL]

2014-08-05 11:15 - 2011-11-17 11:11 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-05 11:08 - 2013-09-01 11:17 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-05 11:03 - 2012-05-01 12:20 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-04 19:25 - 2012-12-26 12:34 - 00000000 ____D () C:\Program Files\Common Files\Steam

2014-08-04 18:04 - 2014-08-06 15:11 - 734734302 _____ () C:\Users\Administrator\Desktop\22.Jump.Street.2014.TS.XviD-SUMO.avi

2014-08-04 17:29 - 2014-08-04 17:29 - 00000000 ____D () C:\Users\Alex.Zeng\PkHonor

2014-08-04 17:28 - 2014-08-04 17:24 - 02962875 _____ () C:\Users\Alex.Zeng\Downloads\PkHonor.jar

2014-08-04 09:40 - 2014-07-21 10:24 - 05169152 _____ () C:\Users\Alex.Zeng\Desktop\Geo Cultural Adap.pub

2014-08-03 22:59 - 2014-07-24 20:31 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-03 22:59 - 2014-07-24 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-08-03 22:59 - 2013-10-29 15:23 - 00000000 ___RD () C:\Program Files\Skype

2014-08-03 22:59 - 2013-10-29 15:10 - 00000000 ____D () C:\Users\Alex.Zeng\AppData\Local\Skype

2014-08-03 22:59 - 2013-10-29 15:10 - 00000000 ____D () C:\ProgramData\Skype

2014-08-03 10:37 - 2014-08-03 09:59 - 00000000 ____D () C:\Users\Administrator\.ultimatescape

2014-08-03 10:06 - 2014-08-03 10:06 - 00000014 _____ () C:\Users\Administrator\uid.dat

2014-08-03 09:57 - 2014-08-03 09:57 - 00010342 _____ () C:\Users\Administrator\Downloads\US2Launcher.jar

2014-08-02 15:00 - 2014-08-02 14:59 - 00000000 ____D () C:\Users\Administrator\2006-Memorys

2014-08-02 14:59 - 2014-08-02 14:59 - 00322132 _____ () C:\Users\Administrator\Downloads\client (3).jar

2014-08-02 14:48 - 2014-08-02 14:48 - 00015665 _____ () C:\Users\Administrator\Downloads\arios-launcher (6).jar

2014-08-02 13:43 - 2014-08-02 13:43 - 00000000 _____ () C:\Windows\system32\npcs.txt

2014-08-02 13:43 - 2014-08-02 13:35 - 00000000 ____D () C:\Users\Administrator\enchanta_data2

2014-08-02 13:35 - 2014-08-02 13:35 - 00000000 ____D () C:\Windows\.wms32_32

2014-08-02 13:34 - 2014-08-02 13:34 - 00009355 _____ () C:\Users\Administrator\Downloads\client (2).zip

2014-08-02 09:14 - 2014-08-02 09:12 - 00000000 ____D () C:\Users\Administrator\.allgofree

2014-08-02 09:12 - 2014-08-02 09:12 - 00000000 ____D () C:\Users\Administrator\Desktop\RuneRebels

2014-08-02 09:09 - 2014-08-02 09:03 - 00000000 ____D () C:\Users\Administrator\runeprojectv4cache

2014-08-02 09:06 - 2014-08-02 09:06 - 00075144 _____ () C:\Users\Administrator\Downloads\RuneRebels (1).zip

2014-08-02 09:03 - 2014-08-02 09:03 - 00251540 _____ () C:\Users\Administrator\RuneProjectLoading.jar

2014-08-02 09:03 - 2014-08-02 09:03 - 00030330 _____ () C:\Users\Administrator\Downloads\RuneProjectLoader.jar

2014-08-02 09:03 - 2014-08-02 09:03 - 00000004 _____ () C:\Users\Administrator\clientvers.dat

2014-08-02 08:55 - 2014-08-02 08:55 - 00925594 _____ () C:\Users\Administrator\Downloads\530 client sauce.zip

2014-08-01 18:16 - 2014-08-01 18:11 - 00000053 _____ () C:\Users\Administrator\athens_cl_athens_LIVE.dat

2014-08-01 18:11 - 2014-08-01 18:11 - 00000000 ____D () C:\Users\Administrator\athenian.cache

2014-08-01 18:09 - 2014-08-01 18:09 - 03126000 _____ () C:\Users\Administrator\Downloads\Athens.jar

2014-08-01 16:31 - 2012-06-13 13:37 - 00021296 __RSH () C:\ProgramData\3002.abs

2014-08-01 13:14 - 2014-07-28 16:22 - 04205568 _____ () C:\Users\Administrator\Desktop\Geo Cultural Adap.pub

2014-08-01 12:16 - 2014-08-01 12:16 - 04202496 _____ () C:\Users\Administrator\Desktop\ksdlfhsaidufiousad.pub

 

Files to move or delete:

====================

C:\Users\Administrator\AppData\Local\Temp\Google\update.exe

C:\Users\Administrator\alotic_preferences.dat

C:\Users\Administrator\alotic_preferences2.dat

C:\Users\Administrator\athens_cl_athens_LIVE.dat

C:\Users\Administrator\clientvers.dat

C:\Users\Administrator\Exoria_cl_matrix_LIVE.dat

C:\Users\Administrator\jagex_cl_oldschool_LIVE.dat

C:\Users\Administrator\jagex_cl_runescape_LIVE.dat

C:\Users\Administrator\jagex_cl_runescape_LIVE_BETA.dat

C:\Users\Administrator\jagex_Runescape_preferences.dat

C:\Users\Administrator\jagex_Runescape_preferences2.dat

C:\Users\Administrator\jagex__preferences3.dat

C:\Users\Administrator\matrixii_cl_matrix_LIVE.dat

C:\Users\Administrator\matrixii_cl_matrix_LIVE1.dat

C:\Users\Administrator\Paradox_runescape_preferences.dat

C:\Users\Administrator\Paradox_runescape_preferences2.dat

C:\Users\Administrator\random.dat

C:\Users\Administrator\uid.dat

C:\Users\Alex.Zeng\Color2.bat

C:\Users\Alex.Zeng\jagex_cl_runescape_LIVE.dat

C:\Users\Alex.Zeng\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Administrator\AppData\Local\Temp\ChangeIcon.exe

C:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Administrator\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Administrator\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Administrator\AppData\Local\Temp\kiro.exe

C:\Users\Administrator\AppData\Local\Temp\NGMDll.dll

C:\Users\Administrator\AppData\Local\Temp\NGMResource.dll

C:\Users\Administrator\AppData\Local\Temp\unicows.dll

C:\Users\Administrator\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\10411.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\bass.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\bassmod.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\bdfilters.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\cabex.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\EH.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-1.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-2.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-3.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe-4.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\firefoxjre_exe.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\i4jdel0.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\JW1MC5.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\kzblq1nn.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\NGMDll.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\NGMResource.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\NGMSetup.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\RT.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\svd_dap.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\unelevate.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\unicows.dll

C:\Users\Alex.Zeng\AppData\Local\Temp\vcredist_x86.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\_inst1.exe

C:\Users\Alex.Zeng\AppData\Local\Temp\_inst2.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-27 20:12

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Open up Malwarebytes > Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the tool and select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Kevin...

 

 

 

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
