
Root kit issue! Novice pc user, and help would be great.

virus rootkit malware :(

jayshica

Thank you for your time and I appreciate any help to get rid of this, I have never experienced this and it has caused some stress..

I went to download an addon for a game but I guess I hit the wrong download button, downloading a rootkit. I know this because when I scanned on McAfee it stopped at 98% and just said rootkit. I then went and installed many rootkit removal tools, none of which worked. So I did a fresh reformat saving nothing and I thought I had gotten rid of the beast, and today when I tried to open my command prompt under Run I got this error: "Is not recognized as an internal or external command, operable program or batch file". I looked online for solutions and one that fixed it for many people was changing the Environmental Variables to Path:System 32. I did this and no luck, did a fresh install of Java as well. So I found out via an individual in livechat it's most likely the rootkit...

 

I downloaded the OTL OldTimer scanner and here are the results... (It wouldn't let me add an attachment because it's 175mb, which is over the upload limit.)


Thanks for your time and any help would be great :-(

 

OTL Extras logfile created on: 1/7/2015 3:47:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\josh\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 4.18 Gb Available Physical Memory | 52.58% Memory free
9.20 Gb Paging File | 5.02 Gb Available in Paging File | 54.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.66 Gb Total Space | 783.48 Gb Free Space | 87.87% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 24.86 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-PC | User Name: josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290EFAD-8E6A-4521-8635-6EC0A4B9CFD4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{0539695C-1818-4947-A362-AA19B3C1FBD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0725D683-0269-4519-A25D-E08794AB56A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D725DCB-5560-4E64-AB1C-42C7AF2BDB26}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{125FB6F0-855F-4174-9A38-F3ECB0415AB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1662AE88-2BAA-4DBF-A255-1D2827ECBD57}" = lport=54045 | protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe | 
"{1A771C10-79BB-4A7D-AA98-1A60C8B68CBC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1AAD8A07-8F09-49CE-A5C4-0FB337A43655}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2F4C2E02-6E40-4393-9790-2BAC000586FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3677A999-8788-4FFC-B8AB-998C4C7F7F8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CBBD30A-C97A-47BF-89E4-C36969AFEB14}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{56A51952-49B3-49DC-9A9B-F81E1B3C6805}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{6A391E78-2BCD-4494-8DBE-15A728A7399F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6BC66E89-04B6-4AFB-89AB-1DA33D256BF9}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{6EBB128E-533D-4975-B8C6-C0F1AB80B05C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7037B59F-BFF4-4D6B-BA72-B3887B58A40D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{76676B0D-1647-46D7-B9D7-1C1DAEAD45B6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{880639DC-5D33-4A80-A86F-F2BC17750996}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{91F2BF5D-36F2-45E8-AE02-C02B32F381DF}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{95129719-9418-4EAE-90CA-3C1E593D4253}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{96DC8AB2-4044-4559-B989-A11FA9BE7DC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A90FF9C-0A91-418A-BB6C-EF362FE976EF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9DED09FB-C12F-48D2-9ECE-EC28706AD85A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{A281025C-E749-4F6D-9043-4E775FE5EF4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1687800-29A6-4F6E-8072-FC7B946F53DA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C5928C41-24DD-4967-B1B2-15FFCBC6E22F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CC92F212-6CF6-4307-830E-3ED89BB37627}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CD6AFC05-4F30-46C9-953D-0D741F7C2230}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5B576E2-348E-4109-88D3-9BD042CE190A}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E338B2-FE40-4D93-9D99-9BC2C8B46B58}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3634\agent.exe | 
"{0564E93B-E9C7-439C-AD4D-CA5CBCF4D01E}" = dir=in | name=evernote touch | 
"{0809C170-E861-4269-925A-97F13B5F1F15}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{0B506596-D9D7-4360-B005-7AD7DDBC293A}" = dir=in | name=skype | 
"{0BE03375-466C-44F5-AA7A-42BCD9362F39}" = protocol=6 | dir=out | app=system | 
"{0D158A4B-EC53-4CE2-BFB4-958A934C07E8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{111B10C7-4323-457B-9286-177092EC3344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{1BB1F035-25EB-4105-A5D8-844561833D5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EAFD676-1081-4537-A8FD-9CE3EDEB844B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F6D7EFF-78E6-4587-ABF7-D101C4659990}" = dir=out | [email protected]{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{1F920578-2236-44ED-8D85-8E49E2D89B77}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{201BF60F-36EF-48D3-AE78-B688A35B3DD8}" = dir=in | name=zinio | 
"{218FDA72-52C9-43C2-8FB1-122E4F13592E}" = dir=out | name=windows_ie_ac_001 | 
"{2284FBDD-80B3-4050-9A5B-42F69C469E50}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{22AE10E5-171A-482E-9DD6-DDF1C3B3BCDB}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{237DBD80-5051-43F7-84E4-A443CDBD399C}" = dir=out | [email protected]{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{2C4E6E91-1C1C-4F2A-B416-FFC0E7739989}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe | 
"{2CA61F2C-A046-40E6-A8E9-54C795F420A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3634\agent.exe | 
"{2E925A5E-3F8D-47C4-87B7-35BA0A68C289}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3761CF50-78DF-4B9E-9E6A-058EC01F2DA8}" = dir=out | [email protected]{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{3A69E209-4896-4D47-AF79-3C9EF63024F5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4568049D-525B-4117-B977-D85663323310}" = dir=in | name=powerdvd for lenovo idea | 
"{4E49FC31-565B-4A36-A2A1-113399ABD402}" = dir=out | name=mcafee® central for lenovo | 
"{5078B952-E8F0-4B1F-86B3-76C08ABA93CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{518D7072-ACF1-446D-AF24-F4B5137EF739}" = protocol=58 | dir=in | [email protected],-28545 | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{559BAA61-2BB6-4051-BA3A-3574E1305B22}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5BBC094D-1F14-45A7-92A4-8596BC9AC380}" = protocol=58 | dir=out | [email protected],-28546 | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{5F7D683A-7456-48DA-A8EE-3AFB80E5BCC4}" = dir=out | [email protected]{microsoft.bingfinance_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{62D8FA9B-7477-487E-8BB7-4EC8130BCBE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6314019F-CCBA-4F39-BFA1-95374AB03E04}" = dir=out | name=zinio | 
"{677D2EBA-6CA9-439B-9C15-F4AD9357343D}" = dir=out | [email protected]{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{6C70F19E-020B-4639-9B1E-E193373853F6}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{6E7F6417-76BA-4104-9A5E-FEC53E6B4F0B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3634\agent.exe | 
"{704AD51C-D7DA-4748-B8FF-37EAE1DCB470}" = dir=out | name=kindle | 
"{773E7246-2295-419F-A458-112B209527E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{775C2FA6-9954-49D0-B9EE-57B7DEA3AEE6}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{778552BB-66E4-4C21-9E5A-C0DCEBC9BA9F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F52A022-F16E-4FB4-9580-02702BC59C66}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{8441300C-4FBB-47AD-9F65-9E731E291F38}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{85B7ECFD-BCBF-4765-8CF1-B725CBF5726C}" = dir=in | name=mcafee® central for lenovo | 
"{88CCDA2C-D40E-41D0-BD77-357B67626EB9}" = dir=in | name=accuweather for windows 8 | 
"{8A7B37F0-C426-4FBA-8EAB-9F5339CBD8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{8AE21006-F3F8-46E8-837A-6B6AAD505DB1}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.4.254_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{8AE8A900-B663-4FA0-A8FB-670C9423E8C8}" = dir=out | name=yousendit for lenovo | 
"{8B2DB2FE-49A8-4057-83F7-E070B79E428A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8E2E1D48-D0F7-4A69-BBC9-58B3E3B703B4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{8E92EDA8-72F0-4B0D-BB1A-F07FC606A647}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{93E269B2-281A-46CC-B7F1-024D86E1C489}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94C53CA2-4258-4E9D-9E3A-ED2426E1B353}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95582FA7-E78F-461D-B97C-4B904C8A9A83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{95FE4C55-042A-4205-8CB1-0E01891B208F}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{98EA646C-D0F7-4598-8B97-A6F1F807E271}" = dir=in | [email protected]{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{99C99A6F-D82F-4A9C-B61F-6428B012433A}" = dir=out | name=camera man | 
"{9C8C1ECD-7321-41A0-8ABE-945EF9C0906A}" = dir=out | [email protected]{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{9CBA3AD5-36BF-4986-BFA0-9DD8910369DF}" = dir=out | name=powerdvd for lenovo idea | 
"{9DA84532-100D-4C72-872A-1B1051BBBA1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9F610DCE-8695-44F0-B4E4-785DC978EC08}" = dir=out | name=companion | 
"{A33235CE-C674-449E-BAAA-279A14D5846C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3DC4305-F031-4B8E-831F-56A325B8C56A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{A6BC4068-8B70-4C10-AE74-8A810B7EC76A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{A8CADBA8-1FFA-4305-AA68-3B6352A4CCF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEFF62DE-1D46-4D49-8BA5-8616C0389958}" = dir=out | name=rara music with lenovo | 
"{B2C375EE-78A3-43C7-9048-56E9A714CEE6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{B2D1E73C-7B2E-4C06-8B3B-1EFBC0032B79}" = dir=out | name=skype | 
"{B6EF0354-EC73-484E-8756-A76127470EAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BBC57BCA-3FC8-478E-A2FD-BDF95D928C82}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{BDD827DE-EE4A-4183-A9E0-17798AF28EAB}" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe | 
"{BDE06AC8-3D6F-4B89-944F-D228B18E58F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE9BC0C7-F064-42ED-9527-8A4FEC8820EB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3634\agent.exe | 
"{C059E863-AC02-4C06-8879-A23D710EBD7A}" = dir=out | [email protected]{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{C1E2E835-3DF3-4491-B16A-23423391E3E3}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe | 
"{C4636C72-F291-4452-B17F-83BE6CB68897}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C6E364EF-5552-46A2-A183-758B9BDC0FC5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8D740CC-31E1-4648-9C0D-5FF4E085C945}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe | 
"{CC2401E5-0C2F-4763-ADE0-34C3DFBCCE5F}" = dir=out | name=lenovo support | 
"{CC2ECD3F-2A1E-4EAA-8097-B4207778269A}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{CC68CE1B-9670-45F5-824B-8693BB5026B1}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{CF4F2E65-C6D1-466C-A0C3-20CA39744491}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe | 
"{CFDECBF3-3A10-45D2-A529-7912BB334BC4}" = dir=in | name=rara music with lenovo | 
"{D21FF113-DC2B-4FE8-8DC5-44891E6053F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D9AD26EA-A9FE-4D49-8BC0-DA33996C8795}" = dir=out | name=evernote touch | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DD50829E-EB22-45B9-BB4F-81B750D9709E}" = protocol=1 | dir=out | [email protected],-28544 | 
"{DE1D6B82-CB8A-4658-9AF1-D00A4655E38D}" = dir=out | [email protected]{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{DFE5F7A9-F3B9-4096-8427-371E0375D54A}" = dir=out | name=red karaoke for lenovo | 
"{E0ABDA7B-DB88-4A2C-B075-88F0E1D461E6}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{E5A4E698-A29F-433C-855A-476B03AA7268}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{E6183240-86FD-45D6-9C85-FC758E81A18F}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe | 
"{E67DBB77-BA04-47A0-ADC6-D114DD460E22}" = dir=out | name=accuweather for windows 8 | 
"{E69E67AE-C3B2-434E-8B01-543367AB5BDF}" = dir=out | [email protected]{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EE4139A6-C1F1-46A4-8FF8-583E5938E5B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EE5D5968-FA98-4546-A49A-9F495418F337}" = dir=out | name=ebay | 
"{F0A231B7-22BA-4D85-8471-723D20E96C54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26634A79-2214-4083-B44C-7FB849E37771}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86418025F0}" = Java 8 Update 25 (64-bit)
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{302600C1-6BDF-4FD1-1307-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1)
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}" = Nitro Pro 8
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4ac77ea0-e6ff-429b-a430-38aff1acac9f}" = Intel® PRO/Wireless Driver
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}" = Oracle VM VirtualBox 4.3.20
"35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E" = Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776)
"6BCA401E9CBEED970D75F55FA5320F60D11984E9" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288)
"Elantech" = Lenovo pointing device
"Lenovo VeriFace" = Lenovo VeriFace
"LenovoExperienceImprovement" = Lenovo Experience Improvement
"Logitech Gaming Software" = Logitech Gaming Software 8.57
"StageLight" = StageLight version 1.0.0.3508
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}" = Lenovo Reach
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel® Update Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72814a2c-2e03-4a50-b30a-43e7884b3934}" = Intel® PROSet/Wireless Software
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Avast" = Avast Internet Security
"Battle.net" = Battle.net
"Google Chrome" = Google Chrome
"Heroes of the Storm" = Heroes of the Storm
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Photos" = Lenovo Photos
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Maxthon3" = Maxthon Cloud Browser
"MSC" = McAfee LiveSafe – Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam" = Steam
"Steam App 730" = Counter-Strike: Global Offensive
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki" = Host App Service
"Pokki_Start_Menu" = Start Menu
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/3/2015 8:43:00 PM | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 1/4/2015 5:27:18 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2015 5:27:18 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1188
 
Error - 1/4/2015 5:27:18 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1188
 
Error - 1/4/2015 5:54:46 PM | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 1/4/2015 6:28:25 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2015 6:28:25 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1234
 
Error - 1/4/2015 6:28:25 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1234
 
Error - 1/5/2015 12:41:35 AM | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 1/5/2015 6:42:40 PM | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 1/1/2015 9:54:48 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:48 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:48 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:48 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:49 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:49 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:49 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:49 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:49 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
Error - 1/1/2015 9:54:49 PM | Computer Name = Lenovo-PC | Source = nvlddmkm | ID = 11141133
Description = 
 
 
< End of report >

Edited by jayshica, 07 January 2015 - 04:34 PM.



#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

From what I understand:
The hold up at scanning rootkits 98% seems to be a bug that will be fixed in a future release (McAfee.) To fix it yourself you can try Here

That's why your other rootkit scanners did not find any rootkits or, as you said, didn't work.

Can we have a closer look at the machine, and perhaps we can identify the command prompt issue.

Next
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
In your next reply post:
  • Frst.txt
  • Additions.txt


#3
jayshica

    Member

  • Topic Starter
  • Member
  • 15 posts

Hey, thanks for the response, Zep! Yes, McAfee was the only one to detect the rootkit, stopping at 98%; other scanners did not.

FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by josh (administrator) on LENOVO-PC on 07-01-2015 17:38:49
Running from C:\Users\josh\Downloads
Loaded Profile: josh (Available profiles: josh)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Pokki) C:\Users\josh\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pokki) C:\Users\josh\AppData\Local\Pokki\Engine\HostAppService.exe
(Spotify Ltd) C:\Users\josh\AppData\Roaming\Spotify\spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pokki) C:\Users\josh\AppData\Local\Pokki\Engine\HostAppService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Pokki) C:\Users\josh\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(OldTimer Tools) C:\Users\josh\Downloads\OTL.exe
() C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13648600 2013-08-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => RTFTrack.exe
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-01-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-27] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\Run: [GoogleChromeAutoLaunch_DC48B780CB35ABEA64741A353B4FD05E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\Run: [Spotify] => C:\Users\josh\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-30] (Spotify Ltd)
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\RunOnce: [Application Restart #2] => C:\Users\josh\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2014-12-31] (Pokki)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-629982708-3794164321-3459517327-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-629982708-3794164321-3459517327-1002 -> DefaultScope {73EFA9DF-5700-426B-AD3D-2F8946B619EC} URL = 
SearchScopes: HKU\S-1-5-21-629982708-3794164321-3459517327-1002 -> {73EFA9DF-5700-426B-AD3D-2F8946B619EC} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-27]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Google Docs) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-26]
CHR Extension: (YouTube) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Adblock Plus) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-27]
CHR Extension: (Google Search) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Proxy SwitchySharp) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2014-12-26]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn [2014-12-26]
CHR Extension: (Avast SafePrice) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (Avast Online Security) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-27] (Avast Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-23] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-23] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-27] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-04] (ELAN Microelectronic Corp.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-15] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-23] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-09-04] (Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-09-04] (Razer Inc)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-27] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 17:38 - 2015-01-07 17:39 - 00027895 _____ () C:\Users\josh\Downloads\FRST.txt
2015-01-07 17:38 - 2015-01-07 17:38 - 02124288 _____ (Farbar) C:\Users\josh\Downloads\FRST64.exe
2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\FRST
2015-01-07 16:22 - 2015-01-07 16:22 - 00067010 _____ () C:\Users\josh\Downloads\Extras.Txt
2015-01-07 16:22 - 2015-01-07 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-07 16:21 - 2015-01-07 16:21 - 00180760 _____ () C:\Users\josh\Downloads\OTL.Txt
2015-01-07 16:13 - 2015-01-07 16:15 - 00000000 ____D () C:\Users\josh\Documents\Heroes of the Storm
2015-01-07 15:46 - 2015-01-07 15:47 - 00602112 _____ (OldTimer Tools) C:\Users\josh\Downloads\OTL.exe
2015-01-07 15:46 - 2015-01-07 15:46 - 00001212 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-01-07 15:46 - 2015-01-07 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-01-07 15:38 - 2015-01-07 16:13 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-01-07 15:29 - 2015-01-07 15:29 - 00000000 _____ () C:\Users\josh\for
2015-01-07 12:58 - 2015-01-07 12:59 - 00000197 _____ () C:\windows\system32\2015-01-07-18-58-52.057-AvastVBoxSVC.exe-4852.log
2015-01-07 12:38 - 2015-01-07 12:38 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-07 12:38 - 2015-01-07 12:38 - 00000000 ____D () C:\Program Files\Java
2015-01-07 12:36 - 2015-01-07 12:37 - 92658088 _____ (Oracle Corporation) C:\Users\josh\Downloads\jre-8u25-windows-x64.exe
2015-01-07 12:22 - 2015-01-07 12:22 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-07 12:22 - 2015-01-07 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-07 12:21 - 2015-01-07 12:21 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-07 12:17 - 2015-01-07 12:17 - 00000247 _____ () C:\windows\system32\2015-01-07-18-17-30.024-aswFe.exe-9836.log
2015-01-07 12:13 - 2015-01-07 12:17 - 00000247 _____ () C:\windows\system32\2015-01-07-18-13-10.009-aswFe.exe-9404.log
2015-01-07 12:13 - 2015-01-07 12:13 - 00000197 _____ () C:\windows\system32\2015-01-07-18-13-07.065-AvastVBoxSVC.exe-6316.log
2015-01-07 11:54 - 2015-01-07 11:54 - 00000000 ____D () C:\ProgramData\Sun
2015-01-07 11:54 - 2015-01-07 11:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-07 11:53 - 2015-01-07 11:53 - 00638888 _____ (Oracle Corporation) C:\Users\josh\Downloads\chromeinstall-8u25.exe
2015-01-07 11:34 - 2015-01-07 11:34 - 00000197 _____ () C:\windows\system32\2015-01-07-17-34-24.061-AvastVBoxSVC.exe-3868.log
2015-01-07 11:34 - 2015-01-07 11:34 - 00000000 ____D () C:\Users\josh\VirtualBox VMs
2015-01-07 11:30 - 2015-01-07 11:30 - 00001103 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-01-07 11:30 - 2015-01-07 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-07 11:30 - 2014-11-24 12:07 - 00916024 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-01-07 11:29 - 2015-01-07 11:29 - 00000000 ____D () C:\Program Files\Oracle
2015-01-07 11:29 - 2014-11-24 12:07 - 00128080 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-01-07 11:14 - 2015-01-07 11:14 - 00000197 _____ () C:\windows\system32\2015-01-07-17-14-37.032-AvastVBoxSVC.exe-4128.log
2015-01-05 17:15 - 2015-01-05 17:37 - 1159342080 _____ () C:\Users\josh\Downloads\OSX-Mavericks.iso
2015-01-05 17:12 - 2015-01-07 11:44 - 00000000 ____D () C:\Users\josh\.VirtualBox
2015-01-05 17:08 - 2015-01-05 17:09 - 110587080 _____ (Oracle Corporation) C:\Users\josh\Downloads\VirtualBox-4.3.20-96997-Win.exe
2014-12-30 22:10 - 2014-12-30 22:10 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Macromedia
2014-12-30 18:12 - 2015-01-07 10:30 - 00000000 ____D () C:\Users\josh\AppData\Local\Spotify
2014-12-30 18:12 - 2014-12-30 18:12 - 00001859 _____ () C:\Users\josh\Desktop\Spotify.lnk
2014-12-30 18:12 - 2014-12-30 18:12 - 00001845 _____ () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-12-30 18:11 - 2015-01-07 15:48 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Spotify
2014-12-30 18:11 - 2014-12-30 18:11 - 00137888 _____ (Spotify Ltd) C:\Users\josh\Downloads\SpotifySetup.exe
2014-12-30 15:31 - 2014-12-30 15:31 - 00000197 _____ () C:\windows\system32\2014-12-30-21-31-49.005-AvastVBoxSVC.exe-4544.log
2014-12-29 12:41 - 2014-12-29 12:41 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-29 12:22 - 2014-12-29 12:41 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Apple Computer
2014-12-29 12:22 - 2014-12-29 12:22 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-29 12:22 - 2014-12-29 12:22 - 00000000 ____D () C:\Users\josh\AppData\Local\Apple Computer
2014-12-29 12:22 - 2014-12-29 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-29 12:22 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-12-29 12:21 - 2014-12-29 12:22 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-29 12:21 - 2014-12-29 12:22 - 00000000 ____D () C:\Program Files\iTunes
2014-12-29 12:21 - 2014-12-29 12:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-29 12:21 - 2014-12-29 12:21 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-29 12:21 - 2014-12-29 12:21 - 00000000 ____D () C:\Program Files\iPod
2014-12-29 12:20 - 2014-12-29 12:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-29 12:20 - 2014-12-29 12:20 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-29 12:20 - 2014-12-29 12:20 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-12-29 12:20 - 2014-12-29 12:20 - 00000000 ____D () C:\Users\josh\AppData\Local\Apple
2014-12-29 12:20 - 2014-12-29 12:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-29 12:15 - 2014-12-29 12:15 - 122418480 _____ (Apple Inc.) C:\Users\josh\Downloads\iTunes64Setup.exe
2014-12-27 23:30 - 2014-12-29 12:20 - 00000000 ____D () C:\ProgramData\Apple
2014-12-27 23:30 - 2014-12-27 23:30 - 00000000 ____D () C:\Users\josh\AppData\Local\Logitech
2014-12-27 23:30 - 2014-12-27 23:30 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-12-27 23:30 - 2014-12-27 23:30 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-27 23:30 - 2014-12-27 23:30 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-27 23:29 - 2014-12-27 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-27 08:34 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2014-12-27 05:08 - 2014-12-27 05:08 - 00000197 _____ () C:\windows\system32\2014-12-27-11-08-07.071-AvastVBoxSVC.exe-4116.log
2014-12-27 04:44 - 2014-12-27 04:45 - 00000197 _____ () C:\windows\system32\2014-12-27-10-44-50.074-AvastVBoxSVC.exe-3528.log
2014-12-27 04:21 - 2014-12-27 04:21 - 00000197 _____ () C:\windows\system32\2014-12-27-10-21-05.025-AvastVBoxSVC.exe-3600.log
2014-12-27 04:19 - 2014-11-26 15:10 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-27 04:19 - 2014-11-26 15:10 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-27 03:56 - 2014-12-27 03:56 - 00000197 _____ () C:\windows\system32\2014-12-27-09-56-23.079-AvastVBoxSVC.exe-4508.log
2014-12-27 03:15 - 2014-12-27 03:17 - 00000000 ____D () C:\windows\system32\MRT
2014-12-27 03:14 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-27 02:54 - 2014-12-27 02:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-27 02:52 - 2014-12-27 02:52 - 00000247 _____ () C:\windows\system32\2014-12-27-08-52-17.012-aswFe.exe-10848.log
2014-12-27 02:47 - 2014-05-08 01:14 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-27 02:47 - 2014-05-07 23:52 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-27 02:47 - 2014-05-07 22:57 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-27 02:47 - 2014-05-07 22:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-27 02:46 - 2014-12-27 02:52 - 00000247 _____ () C:\windows\system32\2014-12-27-08-46-32.005-aswFe.exe-10344.log
2014-12-27 02:46 - 2014-04-19 05:15 - 21186352 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-27 02:46 - 2014-04-19 00:49 - 18644072 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-27 02:46 - 2014-03-10 04:35 - 02008408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-12-27 02:46 - 2014-03-10 04:35 - 00377176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2014-12-27 02:46 - 2014-03-06 03:19 - 01287576 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-12-27 02:46 - 2014-03-06 03:02 - 01109424 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-12-27 02:46 - 2014-03-06 00:17 - 00835584 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-12-27 02:46 - 2014-03-06 00:10 - 01036288 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-12-27 02:46 - 2013-10-30 18:29 - 00236888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-12-27 02:46 - 2013-10-30 18:29 - 00124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-12-27 02:46 - 2013-10-30 18:28 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-12-27 02:45 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-12-27 02:45 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-12-27 02:44 - 2014-01-07 01:03 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\pcaui.exe
2014-12-27 02:44 - 2014-01-06 23:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\pcaui.exe
2014-12-27 02:39 - 2013-11-09 00:34 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2014-12-27 02:39 - 2013-11-09 00:34 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\mdmregistration.dll
2014-12-27 02:39 - 2013-11-08 23:52 - 00240128 _____ (Microsoft Corporation) C:\windows\SysWOW64\mdmregistration.dll
2014-12-27 02:31 - 2014-12-27 02:31 - 00302011 _____ () C:\Users\josh\Downloads\WindowsUpdateDiagnostic.diagcab
2014-12-27 02:26 - 2014-12-27 02:45 - 00000247 _____ () C:\windows\system32\2014-12-27-08-26-28.089-aswFe.exe-5360.log
2014-12-27 02:26 - 2014-12-27 02:26 - 00000197 _____ () C:\windows\system32\2014-12-27-08-26-26.053-AvastVBoxSVC.exe-9092.log
2014-12-27 02:20 - 2014-12-30 16:24 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-27 02:20 - 2014-12-27 02:20 - 00002057 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-12-27 02:20 - 2014-12-27 02:20 - 00001997 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-12-27 02:20 - 2014-12-27 02:20 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-27 02:20 - 2014-12-27 02:20 - 00000000 ____D () C:\windows\system32\vbox
2014-12-27 02:20 - 2014-12-27 02:20 - 00000000 ____D () C:\Users\josh\AppData\Roaming\AVAST Software
2014-12-27 02:20 - 2014-12-27 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-27 02:19 - 2014-12-27 02:20 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-27 02:19 - 2014-12-27 02:19 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-27 02:19 - 2014-12-27 02:19 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-27 02:19 - 2014-12-27 02:19 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-12-27 02:18 - 2014-12-27 02:18 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-12-27 02:17 - 2014-12-27 02:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-27 02:16 - 2014-12-27 02:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-27 02:16 - 2014-12-27 02:16 - 04978536 _____ (AVAST Software) C:\Users\josh\Downloads\avast_internet_security_setup_online.exe
2014-12-27 02:01 - 2014-12-27 02:08 - 00003718 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-12-27 02:01 - 2014-12-27 02:01 - 00003476 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-12-27 02:01 - 2014-12-27 02:01 - 00000000 ____D () C:\ProgramData\Intel® Update Manager
2014-12-27 01:56 - 2015-01-07 16:42 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 01:55 - 2014-12-27 01:55 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 01:55 - 2014-12-27 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 01:55 - 2014-12-27 01:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 01:55 - 2014-12-27 01:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 01:55 - 2014-11-21 07:08 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-27 01:55 - 2014-11-21 07:07 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-27 01:55 - 2014-11-21 07:07 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-27 01:53 - 2014-12-27 01:53 - 20447120 _____ (Malwarebytes Corporation ) C:\Users\josh\Downloads\mbam_premium.exe
2014-12-27 01:49 - 2014-12-27 01:49 - 00002169 _____ () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-12-27 01:44 - 2014-12-27 23:30 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-12-27 01:43 - 2014-12-27 01:43 - 67350808 _____ (Logitech Inc.) C:\Users\josh\Downloads\LGS_8.57.145_x64_Logitech.exe
2014-12-27 01:43 - 2014-12-27 01:43 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Logitech
2014-12-27 01:43 - 2014-12-27 01:43 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Logishrd
2014-12-26 15:26 - 2014-12-26 15:26 - 00009971 _____ () C:\windows\DirectX.log
2014-12-26 15:26 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-12-26 15:26 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-12-26 15:26 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2014-12-26 15:26 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2014-12-26 15:26 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-12-26 15:26 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-12-26 15:26 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-12-26 15:26 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-12-26 15:26 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2014-12-26 15:26 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2014-12-26 15:26 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2014-12-26 15:26 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2014-12-26 15:26 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2014-12-26 15:26 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2014-12-26 15:26 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2014-12-26 15:26 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2014-12-26 15:26 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2014-12-26 15:26 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2014-12-26 15:26 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2014-12-26 15:26 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2014-12-26 15:26 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2014-12-26 15:26 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2014-12-26 15:26 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2014-12-26 15:26 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2014-12-26 15:26 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2014-12-26 15:26 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2014-12-26 15:26 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2014-12-26 15:26 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_41.dll
2014-12-26 15:26 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2014-12-26 15:26 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_41.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2014-12-26 15:26 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2014-12-26 15:26 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2014-12-26 15:26 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2014-12-26 15:26 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2014-12-26 15:26 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2014-12-26 15:26 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2014-12-26 15:26 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2014-12-26 15:26 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2014-12-26 15:26 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2014-12-26 15:26 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2014-12-26 15:26 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2014-12-26 15:26 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2014-12-26 15:26 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2014-12-26 15:26 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2014-12-26 15:26 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2014-12-26 15:26 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2014-12-26 15:26 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2014-12-26 15:26 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2014-12-26 15:26 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2014-12-26 15:26 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2014-12-26 15:26 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2014-12-26 15:26 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2014-12-26 15:26 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2014-12-26 15:26 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2014-12-26 15:26 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2014-12-26 15:26 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2014-12-26 15:26 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2014-12-26 15:26 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2014-12-26 15:26 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2014-12-26 15:26 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2014-12-26 15:26 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2014-12-26 15:26 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2014-12-26 15:26 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2014-12-26 15:26 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2014-12-26 15:26 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2014-12-26 15:26 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2014-12-26 15:26 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2014-12-26 15:26 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2014-12-26 15:26 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2014-12-26 15:26 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2014-12-26 15:26 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2014-12-26 15:26 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2014-12-26 15:26 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2014-12-26 15:26 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2014-12-26 15:26 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2014-12-26 15:26 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2014-12-26 15:26 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2014-12-26 15:26 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2014-12-26 15:26 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2014-12-26 15:26 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2014-12-26 15:26 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2014-12-26 15:26 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2014-12-26 15:26 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2014-12-26 15:26 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2014-12-26 15:26 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2014-12-26 15:26 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2014-12-26 15:26 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2014-12-26 15:26 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2014-12-26 15:26 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2014-12-26 15:26 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2014-12-26 15:26 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2014-12-26 15:26 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2014-12-26 15:26 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2014-12-26 15:26 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2014-12-26 15:26 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2014-12-26 15:26 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2014-12-26 15:26 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2014-12-26 15:26 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2014-12-26 15:26 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2014-12-26 15:26 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2014-12-26 15:26 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2014-12-26 15:26 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2014-12-26 15:26 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2014-12-26 15:26 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2014-12-26 15:26 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2014-12-26 15:26 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2014-12-26 15:26 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2014-12-26 15:26 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2014-12-26 15:26 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2014-12-26 15:26 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2014-12-26 15:26 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2014-12-26 15:26 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2014-12-26 15:26 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2014-12-26 15:26 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2014-12-26 15:26 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2014-12-26 15:26 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2014-12-26 15:26 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2014-12-26 15:26 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-12-26 15:26 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-12-26 15:26 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2014-12-26 15:26 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2014-12-26 15:26 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2014-12-26 15:26 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2014-12-26 15:26 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2014-12-26 15:26 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2014-12-26 15:26 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2014-12-26 15:26 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2014-12-26 15:26 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2014-12-26 15:26 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2014-12-26 15:26 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2014-12-26 15:26 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2014-12-26 15:26 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2014-12-26 15:26 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll
2014-12-26 15:26 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2014-12-26 15:26 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2014-12-26 15:26 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2014-12-26 15:26 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2014-12-26 15:26 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2014-12-26 15:26 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2014-12-26 15:26 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2014-12-26 15:26 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2014-12-26 15:26 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2014-12-26 15:26 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2014-12-26 15:26 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2014-12-26 15:26 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2014-12-26 15:26 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2014-12-26 15:26 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll
2014-12-26 15:26 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2014-12-26 15:26 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2014-12-26 15:26 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2014-12-26 15:26 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2014-12-26 15:26 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2014-12-26 15:26 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll
2014-12-26 15:15 - 2014-12-26 15:15 - 00001259 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-12-26 15:15 - 2014-12-26 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-12-26 15:12 - 2014-12-27 21:27 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-26 14:56 - 2015-01-07 17:38 - 00000000 ____D () C:\Users\josh\AppData\Local\Battle.net
2014-12-26 14:56 - 2014-12-26 15:11 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Battle.net
2014-12-26 14:56 - 2014-12-26 14:56 - 00001167 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-12-26 14:56 - 2014-12-26 14:56 - 00000000 ____D () C:\Users\josh\AppData\Local\Blizzard Entertainment
2014-12-26 14:55 - 2015-01-07 16:13 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-26 14:55 - 2014-12-26 14:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-26 14:55 - 2014-12-26 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-12-26 14:52 - 2014-12-26 14:52 - 02868792 _____ (Blizzard Entertainment) C:\Users\josh\Downloads\Battle.net-Setup-enUS.exe
2014-12-26 14:52 - 2014-12-26 14:52 - 00000000 ____D () C:\ProgramData\Battle.net
2014-12-26 14:51 - 2014-12-26 14:51 - 00000219 _____ () C:\Users\josh\Desktop\Counter-Strike Global Offensive.url
2014-12-26 14:47 - 2015-01-07 17:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-26 14:47 - 2014-12-26 14:47 - 01142392 _____ () C:\Users\josh\Downloads\SteamSetup.exe
2014-12-26 14:47 - 2014-12-26 14:47 - 00000986 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-26 14:47 - 2014-12-26 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 14:43 - 2015-01-07 16:48 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 14:43 - 2015-01-07 15:18 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 14:43 - 2014-12-26 14:43 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-26 14:43 - 2014-12-26 14:43 - 00003650 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-26 14:43 - 2014-12-26 14:43 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-26 14:43 - 2014-12-26 14:43 - 00000000 ____D () C:\Users\josh\AppData\Local\Google
2014-12-26 14:43 - 2014-12-26 14:43 - 00000000 ____D () C:\Users\josh\AppData\Local\Deployment
2014-12-26 14:43 - 2014-12-26 14:43 - 00000000 ____D () C:\Users\josh\AppData\Local\Apps\2.0
2014-12-26 14:43 - 2014-12-26 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-26 14:43 - 2014-12-26 14:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-26 14:24 - 2014-12-26 14:24 - 00000000 _____ () C:\Users\josh\agent.log
2014-12-26 14:23 - 2013-10-15 02:54 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-12-26 14:23 - 2013-10-15 02:03 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-12-26 14:17 - 2014-12-26 14:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-26 14:16 - 2014-12-12 18:47 - 00620176 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2014-12-26 14:16 - 2014-12-12 17:11 - 04151176 _____ () C:\windows\system32\nvcoproc.bin
2014-12-26 14:14 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 17264312 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-12-26 14:14 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434709.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434709.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00496272 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00399688 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00391488 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00346944 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2014-12-26 14:14 - 2014-12-13 04:08 - 00027983 _____ () C:\windows\system32\nvinfo.pb
2014-12-26 14:14 - 2014-10-09 11:02 - 00195728 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2014-12-26 14:14 - 2014-10-09 11:02 - 00030536 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2014-12-26 14:14 - 2014-10-09 01:17 - 01540240 _____ (NVIDIA Corporation) C:\windows\system32\nvhdagenco64.dll
2014-12-26 14:11 - 2014-12-26 14:11 - 00000000 ____D () C:\Users\josh\AppData\Local\NVIDIA Corporation
2014-12-26 14:11 - 2010-05-26 13:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-12-26 14:11 - 2010-05-26 13:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-12-26 14:11 - 2010-05-26 13:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-12-26 14:11 - 2010-05-26 13:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2014-12-26 14:11 - 2010-05-26 13:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-12-26 14:11 - 2010-05-26 13:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-12-26 14:10 - 2014-12-12 18:12 - 02824504 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2014-12-26 14:10 - 2014-12-12 18:12 - 02210040 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2014-12-26 14:10 - 2014-12-12 18:12 - 01715224 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2014-12-26 14:10 - 2014-12-12 18:12 - 01291464 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2014-12-26 14:09 - 2014-12-26 14:11 - 00000000 ____D () C:\Users\josh\AppData\Local\NVIDIA
2014-12-26 14:09 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2014-12-26 14:09 - 2014-11-22 04:46 - 00035472 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2014-12-26 14:09 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2014-12-26 14:08 - 2015-01-07 12:56 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0692CB12-7331-4469-9145-8FCA1454A58C}
2014-12-26 14:08 - 2014-12-26 14:08 - 00000000 ____D () C:\Users\josh\AppData\Local\Razer
2014-12-26 14:05 - 2014-12-26 14:05 - 00000000 ____D () C:\Users\josh\AppData\Local\Razer_Inc
2014-12-26 14:05 - 2014-12-10 14:43 - 00129600 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpnk.sys
2014-12-26 14:04 - 2014-12-09 16:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2014-12-26 14:03 - 2015-01-07 16:48 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-629982708-3794164321-3459517327-1002
2014-12-26 14:03 - 2014-12-26 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-12-26 14:02 - 2014-12-26 14:02 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-26 14:01 - 2015-01-07 15:17 - 00000000 ___RD () C:\Users\josh\SkyDrive
2014-12-26 14:01 - 2015-01-07 11:24 - 00002340 _____ () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-26 14:01 - 2014-12-26 14:08 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-26 14:01 - 2014-12-26 14:05 - 00000000 ____D () C:\ProgramData\Razer
2014-12-26 13:59 - 2014-12-26 13:59 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Intel Corporation
2014-12-26 13:58 - 2014-12-26 14:00 - 00000000 ____D () C:\Users\josh\AppData\Local\PackageStaging
2014-12-26 13:58 - 2014-12-26 13:58 - 00001453 _____ () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 13:58 - 2014-12-26 13:58 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-26 13:58 - 2014-12-26 13:58 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Adobe
2014-12-26 13:58 - 2014-12-26 13:58 - 00000000 ____D () C:\Users\josh\AppData\Local\VirtualStore
2014-12-26 13:58 - 2014-12-26 13:58 - 00000000 ____D () C:\ProgramData\Energy Management
2014-12-26 13:57 - 2015-01-07 15:29 - 00000000 ____D () C:\Users\josh
2014-12-26 13:57 - 2015-01-07 11:25 - 00000000 ____D () C:\Users\josh\AppData\Local\Pokki
2014-12-26 13:57 - 2014-12-26 14:01 - 00000000 ____D () C:\Users\josh\AppData\Local\Packages
2014-12-26 13:57 - 2014-12-26 13:57 - 00000020 ___SH () C:\Users\josh\ntuser.ini
2014-12-26 13:57 - 2014-12-26 13:57 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Intel
2014-12-26 13:57 - 2014-12-26 13:57 - 00000000 ____D () C:\ProgramData\eBay
2014-12-26 13:57 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-26 13:57 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 13:57 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-26 13:57 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-26 09:49 - 2014-12-26 09:49 - 00000000 _____ () C:\Recovery.txt
2014-12-18 21:22 - 2014-12-18 21:22 - 00009728 _____ (Razer Inc.) C:\windows\SysWOW64\RzStats.IPC.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 17:36 - 2014-01-23 04:33 - 01393829 _____ () C:\windows\WindowsUpdate.log
2015-01-07 17:02 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-07 16:22 - 2014-01-23 05:08 - 00001871 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-01-07 13:05 - 2013-10-07 12:27 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-07 12:58 - 2014-01-23 04:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-07 12:58 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-07 12:57 - 2014-01-23 05:14 - 00002560 _____ () C:\windows\system32\VfService.trf
2015-01-07 12:21 - 2014-01-23 05:15 - 00000000 ____D () C:\ProgramData\Office2013
2015-01-07 11:31 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-01-02 16:09 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-01 18:05 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
2014-12-30 23:26 - 2014-01-23 05:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-30 15:29 - 2014-01-23 05:07 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-30 15:28 - 2013-10-07 12:23 - 00005898 _____ () C:\windows\PFRO.log
2014-12-30 15:27 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
2014-12-30 15:27 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-30 15:27 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-30 15:27 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-30 15:27 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-30 14:22 - 2013-08-22 08:46 - 00019247 _____ () C:\windows\setupact.log
2014-12-27 22:14 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
2014-12-27 22:13 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
2014-12-27 22:07 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-12-27 08:34 - 2014-01-23 05:07 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-27 08:33 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-27 04:18 - 2013-08-22 08:44 - 00369312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-27 04:15 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\WinStore
2014-12-27 04:15 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-27 04:15 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-27 04:15 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\MediaViewer
2014-12-27 04:15 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\FileManager
2014-12-27 04:15 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Camera
2014-12-27 04:15 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-12-27 04:15 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\Dism
2014-12-27 02:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-27 02:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\Catroot2.old
2014-12-27 02:08 - 2014-01-23 04:48 - 00000000 ____D () C:\ProgramData\Intel
2014-12-27 02:01 - 2014-01-23 04:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-27 02:01 - 2014-01-23 04:38 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-27 01:44 - 2014-01-23 04:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-26 14:17 - 2014-01-23 04:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-26 14:15 - 2014-01-23 04:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-26 14:11 - 2014-01-23 04:41 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-26 14:04 - 2014-01-23 04:31 - 00096342 _____ () C:\windows\DPINST.LOG
2014-12-26 14:02 - 2014-01-23 05:15 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-12-26 13:58 - 2014-01-23 05:27 - 00082949 _____ () C:\windows\modules.log
2014-12-26 09:49 - 2013-10-07 12:24 - 00000000 __SHD () C:\Recovery
2014-12-26 09:49 - 2013-08-22 09:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template
2014-12-13 04:08 - 2014-01-23 04:41 - 00074056 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2014-12-13 04:08 - 2014-01-23 04:41 - 00060560 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2014-12-13 04:08 - 2014-01-23 04:40 - 18594432 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-12-13 04:08 - 2014-01-23 04:40 - 16040184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-12-13 04:08 - 2014-01-23 04:40 - 14128496 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2014-12-13 04:08 - 2014-01-23 04:40 - 03293136 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2014-12-13 04:08 - 2014-01-23 04:40 - 02897824 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2014-12-13 02:03 - 2014-01-23 04:41 - 06859408 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2014-12-13 02:03 - 2014-01-23 04:41 - 03513488 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2014-12-13 02:03 - 2014-01-23 04:41 - 02558608 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2014-12-13 02:03 - 2014-01-23 04:41 - 00935240 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2014-12-13 02:03 - 2014-01-23 04:41 - 00628040 _____ (NVIDIA Corporation) C:\windows\SysWOW64\oemdspif.dll
2014-12-13 02:03 - 2014-01-23 04:41 - 00386368 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2014-12-13 02:03 - 2014-01-23 04:41 - 00062608 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
 
Some content of TEMP:
====================
C:\Users\josh\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\josh\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\josh\AppData\Local\Temp\nvStInst.exe
C:\Users\josh\AppData\Local\Temp\oct3483.tmp.exe
C:\Users\josh\AppData\Local\Temp\oct4302.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 05:11
 
==================== End Of Log ============================


ADDITIONS.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by josh at 2015-01-07 17:40:04
Running from C:\Users\josh\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Host App Service (HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\Pokki) (Version: 0.269.5.367 - Pokki)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{72814a2c-2e03-4a50-b30a-43e7884b3934}) (Version: 16.5.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.26.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7030 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)
Start Menu (HKU\S-1-5-21-629982708-3794164321-3459517327-1002\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-12-2014 14:10:13 Installed DirectX
27-12-2014 23:28:47 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
29-12-2014 12:20:59 Installed iTunes
05-01-2015 17:10:51 Installed Oracle VM VirtualBox 4.3.20
07-01-2015 11:29:15 Installed Oracle VM VirtualBox 4.3.20
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D46BEC8-6195-40A7-9A53-3A9A52048C4F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {2C17C657-30C4-4691-86FD-F80B4B892869} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {513BF73F-5D9C-480C-8CD1-4BEE871F073C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51528C45-D920-4562-A787-8D6F45072F3F} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {73B779E9-AF2D-4DF9-A530-EE558F5E592B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {85BB9539-DE2E-4BC1-ABA0-17CFBECA9C59} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {8BB838ED-6A66-48F6-A89C-9128A1BD99D5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {8CBF71B4-A357-4C2B-B00E-C09DA7AC72C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-26] (Google Inc.)
Task: {8E1DE682-7062-4363-A315-80EC89F9EC2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-26] (Google Inc.)
Task: {E9A6DCC7-B2B9-420F-B23A-B5684221DFAD} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {EE53CDD6-B7D9-4121-B4C2-A64A0522FB13} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-27] (AVAST Software)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-23 04:41 - 2014-12-13 02:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-09 16:22 - 2014-12-09 16:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-01-23 05:10 - 2012-04-24 20:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-01-23 05:14 - 2014-01-23 05:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-01-23 05:14 - 2014-01-23 05:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-12-27 02:18 - 2014-12-27 02:18 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-27 02:18 - 2014-12-27 02:18 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-09-18 01:23 - 2014-09-18 01:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 12:51 - 2014-10-14 12:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 01:23 - 2014-09-18 01:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 12:51 - 2014-10-14 12:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-01-23 04:58 - 2013-10-25 03:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2014-12-30 18:12 - 2014-12-30 18:12 - 00374840 _____ () C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-12-26 14:52 - 2014-12-26 14:52 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2015-01-07 11:14 - 2015-01-07 11:14 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010700\algo.dll
2014-12-27 02:18 - 2014-12-27 02:18 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-07 12:58 - 2015-01-07 12:58 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010701\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-23 04:48 - 2013-08-08 15:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-26 14:43 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-26 14:43 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-30 18:12 - 2014-12-30 18:12 - 36966968 _____ () C:\Users\josh\AppData\Roaming\Spotify\Data\libcef.dll
2014-12-26 14:43 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-26 14:43 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-31 16:52 - 2014-12-31 16:52 - 00569856 _____ () C:\Users\josh\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-12-31 16:52 - 2014-12-31 16:52 - 01400846 _____ () C:\Users\josh\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-12-31 16:52 - 2014-12-31 16:52 - 00151054 _____ () C:\Users\josh\AppData\Local\Pokki\Engine\avutil-51.dll
2014-12-31 16:52 - 2014-12-31 16:52 - 00222734 _____ () C:\Users\josh\AppData\Local\Pokki\Engine\avformat-54.dll
2014-12-27 02:19 - 2014-12-27 02:19 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-30 18:12 - 2014-12-30 18:12 - 00867896 _____ () C:\Users\josh\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-12-30 18:12 - 2014-12-30 18:12 - 00886840 _____ () C:\Users\josh\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-12-30 18:12 - 2014-12-30 18:12 - 00108600 _____ () C:\Users\josh\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-26 14:43 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-26 14:55 - 2014-12-26 14:55 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-26 14:48 - 2014-11-11 12:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-26 14:48 - 2014-11-11 12:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-26 14:48 - 2014-11-11 12:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-26 14:48 - 2014-11-11 12:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-26 14:48 - 2014-11-18 14:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-26 14:48 - 2014-11-11 12:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-26 14:48 - 2014-11-11 12:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-26 14:48 - 2014-11-18 14:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-07 17:19 - 2015-01-07 17:19 - 00155232 ___HT () C:\Users\josh\AppData\Local\Temp\~D44.tmp
2014-12-26 14:48 - 2014-11-11 12:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00198144 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00311296 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00203776 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2014-12-26 14:51 - 2014-12-26 14:51 - 00387584 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 05853696 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00155648 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 01175040 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 01243648 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2014-12-26 14:51 - 2014-12-26 14:51 - 00352256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00608256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00164864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00708096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00134656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 01338880 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00396800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 03186176 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 01762816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00143872 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00231424 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00992256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 01059328 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\chromehtml.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 20625832 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\libcef.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 01099616 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\avcodec-53.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00123232 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\avutil-51.dll
2014-12-26 14:51 - 2014-12-26 14:51 - 00190816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\avformat-53.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00583168 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 12300800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 09820672 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00094720 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2014-12-26 14:51 - 2014-12-26 14:52 - 00969216 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00084992 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2014-12-26 14:52 - 2014-12-26 14:52 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2014-12-26 14:52 - 2014-12-26 14:52 - 00012800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2014-12-26 14:52 - 2014-12-26 14:52 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2014-12-26 14:52 - 2014-12-26 14:52 - 00176128 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_speex.dll
2014-12-26 14:48 - 2014-11-11 12:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\josh\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-629982708-3794164321-3459517327-500 - Administrator - Disabled)
Guest (S-1-5-21-629982708-3794164321-3459517327-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-629982708-3794164321-3459517327-1004 - Limited - Enabled)
josh (S-1-5-21-629982708-3794164321-3459517327-1002 - Administrator - Enabled) => C:\Users\josh
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 01:42:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/07/2015 11:24:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
 
Error: (01/07/2015 11:24:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
 
Error: (01/07/2015 11:23:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
 
Error: (01/07/2015 11:23:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
 
Error: (01/07/2015 10:52:34 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/06/2015 11:49:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/05/2015 04:42:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/04/2015 10:41:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/04/2015 04:28:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
 
 
System errors:
=============
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: ESR 0x405840=0xa2040800
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: Shader Program Header 18 Error
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: Shader Program Header 11 Error
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: ESR 0x405840=0xa2040800
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: Shader Program Header 18 Error
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: Shader Program Header 11 Error
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: ESR 0x405840=0xa2040800
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: Shader Program Header 18 Error
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: Shader Program Header 11 Error
 
Error: (01/07/2015 11:29:34 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video6Graphics Exception: ESR 0x405840=0xa2040800
 
 
Microsoft Office Sessions:
=========================
Error: (01/07/2015 01:42:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/07/2015 11:24:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Users\josh\AppData\Local\Pokki\Engine\HostAppService.exe
 
Error: (01/07/2015 11:24:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Users\josh\AppData\Local\Pokki\Engine\HostAppService.exe
 
Error: (01/07/2015 11:23:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Users\josh\AppData\Local\Temp\oct3483.tmp.exe
 
Error: (01/07/2015 11:23:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Users\josh\AppData\Local\Temp\oct3483.tmp.exe
 
Error: (01/07/2015 10:52:34 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/06/2015 11:49:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/05/2015 04:42:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/04/2015 10:41:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/04/2015 04:28:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-07 17:28:03.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 17:27:48.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 17:19:35.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-06 11:41:19.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-06 11:40:58.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 21:49:17.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 21:44:20.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 18:05:18.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 17:56:27.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 14:58:44.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 8138.27 MB
Available physical RAM: 2498.02 MB
Total Pagefile: 9418.27 MB
Available Pagefile: 2618.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:891.66 GB) (Free:781.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 56872CDE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
FRST is Running from-> C:\Users\josh\Downloads

Can you move FRST to the desktop? It's currently in the Downloads folder.
To do that:
1. Navigate to your Downloads folder --> C:\Users\josh\Downloads
2. Open the Downloads folder and find FRST.
3. Right-click on FRST and choose Cut.
4. Now, on the desktop, right-click on an empty space and choose Paste.
You have now successfully moved FRST to the desktop.

3 questions:
1. Can you right-click on Command Prompt and run as administrator without error?
2. Did the Windows install seem to go OK?
3. Have you visited Windows Update?

Please answer the questions, I need a bit of time to look over log reports.

Thanks
Joe :)

#5
jayshica

    Member

  • Topic Starter
  • 15 posts

OK, sorry, didn't know I had to be that specific :-p I moved it to the desktop. Should I repaste now...? Or rescan?

1 - I can run it without administrator and it will open; however, I get the same error whenever I try to type a command.
2 - The Windows install, when I reformatted my computer? I think it went OK.
3 - I have updated, and when I first tried to update it wouldn't let me past the first update (I think it's because of something with a metered connection). Anyway, I fixed it and it installed them. I DO have some new Windows updates I have to install currently. After disabling some option it was able to install after I reformatted.


Edited by jayshica, 07 January 2015 - 06:24 PM.

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts

sorry didn't know I had to be that specific

Read all instructions carefully.

No. Rescanning is not required.

Let's look at 1 more issue before I thoroughly review logs.

Warning

2 Anti virus programs running:
  • Avast Internet Security (Version: 10.0.2208 - AVAST Software)
  • McAfee LiveSafe Internet Security (Version: 12.8.992 - McAfee, Inc.)

The real-time protection of two antivirus programs may conflict with each other and cause the following:
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

Please uninstall 1 of the Anti Virus programs from your Programs & Features list.
Start > Control Panel > Programs & Features > Uninstall

Let me know the Anti Virus program you're uninstalling, because we will need to run a special uninstall tool.

Thanks
Joe :)

  • 0
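
A read-only check for the condition described in the post above, added here as an example and not part of the thread: it lists the antivirus products registered with Windows Security Center and reports when more than one has real-time protection on. The function names and the sample `productState` values are constructed, and the bit layout used to decode `productState` is an assumption based on commonly observed values, since the field is not officially documented.

```powershell
# Added example, not from the thread. Read-only.

function ConvertFrom-AvProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)
    # ASSUMPTION: undocumented field, decoded by the commonly observed layout
    # 0xPPSSDD: bit 0x1000 (in SS) = real-time scanner on,
    #           bit 0x0010 (in DD) = definitions out of date.
    [pscustomobject]@{
        Hex            = '0x{0:X6}' -f $ProductState
        RealTimeOn     = ($ProductState -band 0x1000) -ne 0
        DefinitionsOld = ($ProductState -band 0x0010) -ne 0
    }
}

function Find-RealTimeAvConflict {
    param([Parameter(Mandatory)][object[]]$Products)
    $rows = foreach ($p in $Products) {
        $state = ConvertFrom-AvProductState -ProductState $p.productState
        [pscustomobject]@{
            Name           = $p.displayName
            State          = $state.Hex
            RealTimeOn     = $state.RealTimeOn
            DefinitionsOld = $state.DefinitionsOld
        }
    }
    $active = @($rows | Where-Object { $_.RealTimeOn })
    [pscustomobject]@{
        Products    = @($rows)
        ActiveNames = @($active | ForEach-Object { $_.Name })
        Conflict    = $active.Count -gt 1   # more than one real-time scanner
    }
}

# Constructed sample. The first two product names are the ones listed in the
# thread; every productState value is made up for illustration
# (0x041000 = real-time on, 0x040000 = real-time off).
$sample = @(
    [pscustomobject]@{ displayName = 'Avast Internet Security';           productState = 0x041000 }
    [pscustomobject]@{ displayName = 'McAfee LiveSafe Internet Security'; productState = 0x041000 }
    [pscustomobject]@{ displayName = 'Third product (constructed, off)';  productState = 0x040000 }
)

$result = Find-RealTimeAvConflict -Products $sample
$result.Products | Format-Table -AutoSize | Out-String
if ($result.Conflict) {
    'Real-time protection is on in {0} products: {1}' -f `
        $result.ActiveNames.Count, ($result.ActiveNames -join ', ')
}

# Live query. The root/SecurityCenter2 namespace exists on Windows client
# editions only, so the call is allowed to return nothing.
if ($env:OS -eq 'Windows_NT') {
    $live = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                              -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    if ($live.Count) {
        $liveResult = Find-RealTimeAvConflict -Products $live
        $liveResult.Products | Format-Table -AutoSize | Out-String
        if ($liveResult.Conflict) {
            'Conflict on this machine: {0}' -f ($liveResult.ActiveNames -join ', ')
        }
    }
}
```

A product that only scans on demand and never registers with Security Center will not appear in this list.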

#7
jayshica

    Member

  • Topic Starter
  • 15 posts

OK, I read online that Avast and McAfee were a great duo so I had both of them. I have the paid version of McAfee so I uninstalled Avast. Just restarted my PC and checked if it uninstalled, and it indeed did.

But to add, I also have Malwarebytes premium. I'm not sure if that showed in the report, which is strange. But as far as I know it just scans; I think premium protects more in real time, not sure.


Edited by jayshica, 07 January 2015 - 06:57 PM.

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Next

Download the Avast uninstall utility from Here
1. In the box that opens, choose Save and save the file to the desktop.
2. From the desktop, open (execute) the Avast uninstall utility.
3. Let me know whether that was successful.

The uninstall tool will remove leftover registry entries that often get left behind.

Thanks
Joe :)

#9
jayshica

    Member

  • Topic Starter
  • 15 posts

OK, it is done. It booted into safe mode and uninstalled it.


#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Great!

Off to a good start.

Now I need to look at logs and review them. This will take an hour or more and it's possible I may not get back to you tonight.

My schedule on the forum is usually 4pm until Midnight EST.

Thanks
Joe :)

#11
jayshica (Member, Topic Starter, 15 posts)

No problem Joe, thanks for your help man, I really appreciate it. I'll check tonight but no rush, I'll check tomorrow around 4-5 :-) Have a good night!


Edited by jayshica, 07 January 2015 - 07:40 PM.

#12
zep516 (Trusted Helper, Malware Removal, 6,803 posts)

Hello jayshica,

"I looked online for solutions and one that fixed for many people was changing the Environmental Variables to Path:System 32. I did this and no luck,"

Are these the instructions you followed:

1. Log in with Administrator privileges.
2. Right-click "My Computer" & select "Properties."
3. Click "Advanced" tab.
4. Click "Environment Variables" button.
5. In the "System variables" box, scroll down to "PATH" and highlight it.
6. Click the "Edit" button.
7. In the "Variable value:" box, add to the very beginning of the text "C:\WINDOWS\system32;" without my quotation marks.
8. Make sure you include the semicolon.
9. Click OK three times.


Thanks
Joe :)
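
A read-only way to check the result of the steps in post #12, as an added PowerShell example that is not part of the original thread: it lists each entry of the system PATH as stored in the registry and reports whether System32 is present. The function name `Test-PathEntries` is hypothetical, and the script assumes the standard registry location of the system environment variables.

```powershell
# Added example (not from the thread): audit the system-level PATH that the
# steps above edit by hand. Nothing is modified; the script only reads.

# Registry key where Windows stores the "System variables" shown in the dialog.
$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

# Hypothetical helper: split a raw PATH string and check every entry.
function Test-PathEntries {
    param([string]$RawPath)

    $position = 0
    foreach ($entry in ($RawPath -split ';')) {
        $position++
        $trimmed  = $entry.Trim()
        # Expand %SystemRoot% style references the way Windows would.
        $expanded = [Environment]::ExpandEnvironmentVariables($trimmed)

        $problem = ''
        if ($trimmed -eq '') {
            $problem = 'empty segment (doubled or trailing semicolon)'
        } elseif ($expanded.Contains('"')) {
            $problem = 'quotation mark stored inside the entry'
        } elseif ($expanded.Contains('%')) {
            $problem = 'variable reference did not expand'
        } elseif (-not [System.IO.Directory]::Exists($expanded)) {
            $problem = 'directory does not exist'
        }

        [pscustomobject]@{
            Position = $position
            Stored   = $entry
            Expanded = $expanded
            Problem  = $problem
        }
    }
}

# Read the value without expansion so entries appear exactly as stored.
$raw     = (Get-Item -LiteralPath $envKey).GetValue('Path', '', 'DoNotExpandEnvironmentNames')
$entries = @(Test-PathEntries -RawPath $raw)
$entries | Format-Table -AutoSize -Wrap

# Is System32 on the system PATH, and at which position?
$system32 = Join-Path $env:SystemRoot 'System32'
$hit = $entries | Where-Object { $_.Expanded.TrimEnd('\') -ieq $system32 } | Select-Object -First 1
if ($hit) {
    "System32 is on the system PATH at position $($hit.Position)."
} else {
    "System32 is NOT on the system PATH."
}
```

A quotation mark reported inside an entry usually means the quotes from step 7 were typed into the box along with the path.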

#13
jayshica (Member, Topic Starter, 15 posts)

Yes, exactly that, it didn't fix my command prompt issue. I reinstalled Java and I think it changed it on the 2nd panel in there, so I tried, it didn't work, so I tried to change it back to system32, still no luck. Here is the error "is not recognized as an internal or external command, operable program or batch file."

 


Edited by jayshica, 10 January 2015 - 12:12 AM.

#14
zep516 (Trusted Helper, Malware Removal, 6,803 posts)

OK,

I'll need to ask for assistance on this as I am not 100 percent sure how to advise you just yet.

Joe

#15
jayshica (Member, Topic Starter, 15 posts)

Thanks Joe :-/ appreciate the support you guys are giving me. If there are any questions let me know, as I'm eager to fix this lol.


Edited by jayshica, 10 January 2015 - 12:31 AM.
