While following the M.B. trovi re I mistakenly skipped checking off the the "revert to my original settings" box.
Infected Trovi , I mistakenly skipped a step and can't go back, too late.
- Thread starter ezkmfe
- Start date
- Mar 8, 2013
- 22,627
Hello,
They call me TwinHeadedEagle around here, and I'll be working with you.
Before we start please read and note the following:
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Post its content into your next reply.
They call me TwinHeadedEagle around here, and I'll be working with you.
Before we start please read and note the following:
- At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
- Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
- Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
- Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
- All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
- If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
- I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
- Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
- Please attach all report using
button below. Doing this, you make it easier for me to analyze and fix your problem.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; autoclean; emptyalltemp; ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Hello TwinHeadedEagle,
Thank you so much for responding so quickly! I apologize for taking so long to reply.
I've disabled free Avira and Windows Defender. On this computer, also have free Spybot, Adwcleaner, JRT-downloaded Trovi while attempting to update, CCcleaner, and Keyscramber. I have two questions:
1) The instructions did not specifically mention these others. Do I need to disable all four of those as well?
2) I think I went out of order by disabling Anti-virus before downloading ZOEK? Do I need to re-enable Avira and W.D. before downloading ZOEK?
Thank you so much for responding so quickly! I apologize for taking so long to reply.
I've disabled free Avira and Windows Defender. On this computer, also have free Spybot, Adwcleaner, JRT-downloaded Trovi while attempting to update, CCcleaner, and Keyscramber. I have two questions:
1) The instructions did not specifically mention these others. Do I need to disable all four of those as well?
2) I think I went out of order by disabling Anti-virus before downloading ZOEK? Do I need to re-enable Avira and W.D. before downloading ZOEK?
- Mar 8, 2013
- 22,627
Ok, Avira is disabled but Windows firewall is still on, is that ok? My computer did a bunch of updates when I went to shut it down this morning and while Avira and Window's were disabled. is this something I need to worry about?
- Mar 8, 2013
- 22,627
Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by William on Mon 12/15/2014 at 0:33:14.67.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\William\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/15/2014 12:34:16 AM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\DriverUpdate deleted successfully
C:\PROGRA~2\New Folder deleted successfully
C:\Program Files\office.tmp deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\William\AppData\Roaming\Lavasoft deleted successfully
C:\Users\William\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\pmeuph\AppData\Local\VirtualStore deleted successfully
C:\Users\William\AppData\Local\PackageStaging deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1787851555-3533030999-402119898-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\pmeuph\AppData\Roaming\Mozilla\Firefox\Profiles\rwwah3pw.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141215_1241_.backup
ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113
user.js not found
---- Lines trovi removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Trovi search");
user_pref("browser.search.selectedEngine", "Trovi search");
user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT33...ID=M8B1F8C4B-6507-443A-A218-CE78FB78CB78&Sear
---- FireFox user.js and prefs.js backups ----
prefs_20141215_1241_.backup
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\found.000 deleted
C:\Users\William\AppData\Roaming\WB.CFG deleted
C:\Users\William\AppData\Roaming\msvcr90-ruby191.dll deleted
C:\PROGRA~3\eBay deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\pmeuph\AppData\Local\adawarebp deleted
C:\Users\William\Downloads\The Upsetter Bundle(1) - Shortcut.lnk deleted
C:\Users\William\Downloads\The Upsetter Bundle(1).torrent deleted
C:\Users\William\Downloads\The Upsetter Bundle.torrent deleted
C:\Users\William\AppData\LocalLow\ADSRemoval deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\searchplugins\trovi-search.xml deleted
C:\Users\William\Desktop\FREE Games.url deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113
- Undetermined - {3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- Undetermined - https-everywhere@eff.org
- HTTPS-Everywhere - %ProfilePath%\extensions\https-everywhere@eff.org
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113
9860727E477F17B88E39AF8B69B0407A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
Google Voice Search Hotword (Beta) - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
TinEye Reverse Image Search - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
Webutation - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj
Hover Zoom - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
SEO Global For Google Search™ - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{82F9069D-ED83-4D40-8B29-FFFE4BD3FFAF} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1787851555-3533030999-402119898-1002\Software\Microsoft\Internet Explorer\SearchScopes\{82F9069D-ED83-4D40-8B29-FFFE4BD3FFAF} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pmeuph\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pmeuph\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\pmeuph\AppData\Local\Mozilla\Firefox\Profiles\rwwah3pw.default\Cache emptied successfully
C:\Users\pmeuph\AppData\Local\Mozilla\Firefox\Profiles\rwwah3pw.default\cache2 emptied successfully
C:\Users\William\AppData\Local\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\pmeuph\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1254 folders=118 301930824 bytes)
==== Empty Temp Folders ======================
C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\pmeuph\AppData\Local\Temp emptied successfully
C:\Users\William\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\William\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Mon 12/15/2014 at 0:46:30.12 ======================
- Mar 8, 2013
- 22,627
Very good. Any progress?
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Thank you! I don't know how to tell if there's any progress. Here's one thing I noticed when I signed back in, after the computer restart. Out of habit I mistakenly opened Firefox and was pleasantly surprised to see that the opening Firefox page is back, no visible signs of Trovi there! How do I know if there is progress, other than that?
- Mar 8, 2013
- 22,627
This popped up when I tried to run FRST. The file was too big to upload, here is a link to screen pic I took with my phone. https://www.flickr.com/gp/91035476@N07/673qmZ
- Mar 8, 2013
- 22,627
It's a pop up that says: Windows protected your PC "Windows SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. More info" etc...
- Mar 8, 2013
- 22,627
Ok, I ran it. Now this popped up:https://www.flickr.com/gp/91035476@N07/0s8e5M. What does that mean? Where do I look for FRST.txt?
- Mar 8, 2013
- 22,627
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by William (administrator) on FLORENCIA on 15-12-2014 02:02:22
Running from C:\Users\William\Downloads
Loaded Profile: William (Available profiles: William)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-08] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-02-01] (cyberlink)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Run: [BitTorrent] => C:\Users\William\AppData\Roaming\BitTorrent\BitTorrent.exe [1388376 2014-11-07] (BitTorrent Inc.)
HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\RunOnce: [Adobe Speed Launcher] => 1418633209
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2014-11-12] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-12] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-12] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-12] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1787851555-3533030999-402119898-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\searchplugins\yahoo_ff.xml
FF Extension: HTTPS-Everywhere - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\Extensions\https-everywhere@eff.org [2014-10-19]
FF Extension: AddThis - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2014-07-26]
Chrome:
=======
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Search by Image for Google™) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli [2014-07-10]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (Google Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (Avira Browser Safety) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-09-30]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-07-10]
CHR Extension: (Keep My Opt-Outs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-07-10]
CHR Extension: (Webutation) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Hover Zoom) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-07-10]
CHR Extension: (SEO Global For Google Search™) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2014-07-10]
CHR Extension: (Picasa) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-07-17]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-02-01] (CyberLink)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-05-25] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3349984 2014-05-25] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-25] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-03-09] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 02:02 - 2014-12-15 02:02 - 00024829 _____ () C:\Users\William\Downloads\FRST.txt
2014-12-15 02:01 - 2014-12-15 02:02 - 00000000 ____D () C:\FRST
2014-12-15 01:37 - 2014-12-15 01:37 - 00001175 _____ () C:\Users\William\Desktop\FRST64 - Shortcut.lnk
2014-12-15 01:29 - 2014-12-15 01:29 - 02119168 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2014-12-15 01:16 - 2014-12-15 01:16 - 00000000 ___SH () C:\DkHyperbootSync
2014-12-15 00:44 - 2014-12-15 00:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-12-15 00:34 - 2014-12-15 00:46 - 00011089 _____ () C:\zoek-results.log
2014-12-15 00:30 - 2014-12-15 00:41 - 00000000 ____D () C:\zoek_backup
2014-12-15 00:30 - 2014-12-15 00:30 - 00001428 _____ () C:\Users\William\Desktop\zoek - Shortcut.lnk
2014-12-15 00:28 - 2014-12-15 00:28 - 01295360 _____ () C:\Users\William\Downloads\zoek.exe
2014-12-14 02:45 - 2014-12-14 02:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-13 15:32 - 2014-11-26 13:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-13 15:32 - 2014-11-26 13:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 15:37 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 15:37 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 15:36 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 15:36 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 15:33 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-11 15:33 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-11 15:33 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-11 15:33 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-11 15:33 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-11 15:33 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-11 15:33 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-11 15:33 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 15:33 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 15:33 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 15:33 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 15:33 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 15:33 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 15:33 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 15:33 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 15:33 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 15:33 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 15:33 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 15:33 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 15:33 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 15:33 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 15:33 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 15:33 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 15:33 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 15:33 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 15:33 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 15:33 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 15:33 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 15:33 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 15:33 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 15:33 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 15:33 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 15:33 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 15:33 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 15:33 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 15:33 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 15:33 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 15:33 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 15:33 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 15:33 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 15:33 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 15:33 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 15:33 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 15:33 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 15:33 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 15:33 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 15:33 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 15:33 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 15:33 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 15:33 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 15:33 - 2014-10-12 18:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 15:33 - 2014-10-12 18:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 15:33 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 15:33 - 2014-10-12 18:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 15:29 - 2014-12-11 15:29 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-20 23:52 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141120-235211.backup
2014-11-20 14:19 - 2014-11-20 14:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-11-20 14:19 - 2014-11-20 14:19 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-11-20 14:19 - 2014-11-12 13:56 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-11-20 14:18 - 2014-11-20 14:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-20 14:18 - 2014-11-20 14:18 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-11-20 14:18 - 2014-11-12 16:20 - 31893136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 24557712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 20986592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 19966344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 16884632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 14032984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 13944952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 13213512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-11-20 14:18 - 2014-11-12 16:20 - 11397744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 11336432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 04292416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 04011208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 03262784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 02874456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434475.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 01540424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434475.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00964928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00923792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00900928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00871648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-11-20 14:18 - 2014-11-12 16:20 - 00031560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-11-20 14:18 - 2014-11-12 16:20 - 00027094 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-11-18 16:23 - 2014-11-18 16:23 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive(2).torrent
2014-11-18 16:20 - 2014-11-18 16:20 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive(1).torrent
2014-11-18 15:00 - 2014-11-18 15:00 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive.torrent
2014-11-18 13:49 - 2014-11-22 01:41 - 00001628 _____ () C:\Users\William\Desktop\laigualdadsocial00aren - Shortcut.lnk
2014-11-18 13:49 - 2014-11-22 01:41 - 00001628 _____ () C:\Users\William\Desktop\laigualdadsocial00aren - Shortcut (2).lnk
2014-11-18 13:38 - 2014-11-18 13:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\foobar2000
2014-11-18 13:38 - 2014-11-18 13:38 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2014-11-18 13:38 - 2014-11-18 13:38 - 00001058 _____ () C:\Users\Public\Desktop\foobar2000.lnk
2014-11-18 13:38 - 2014-11-18 13:38 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-11-18 13:36 - 2014-11-18 13:36 - 03828176 _____ (foobar2000.org) C:\Users\William\Downloads\foobar2000_v1.3.5.exe
2014-11-18 13:29 - 2014-11-18 13:29 - 00001002 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-11-18 13:28 - 2014-11-18 13:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Winamp
2014-11-18 13:23 - 2014-11-18 13:26 - 12432368 _____ (Nullsoft, Inc.) C:\Users\William\Downloads\winamp5666_full_en-us.exe
2014-11-18 13:06 - 2014-11-18 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-11-18 13:06 - 2014-11-18 13:06 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-11-18 13:04 - 2014-11-18 13:04 - 02653944 _____ (Xiph.Org) C:\Users\William\Downloads\opencodecs_0.85.17777.exe
2014-11-18 12:50 - 2014-11-18 12:50 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-11-18 12:32 - 2014-11-18 12:32 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieBrowserModeList
2014-11-18 12:06 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2014-11-18 12:06 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2014-11-18 12:05 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-11-18 12:02 - 2014-11-18 12:02 - 10328598 _____ (Nullsoft, Inc.) C:\Users\William\Downloads\winamp5666_full_en-us_redux.exe
2014-11-18 11:42 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 11:42 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-18 11:42 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-18 11:42 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 00:26 - 2014-11-18 00:26 - 00000624 _____ () C:\Users\William\Desktop\JRT.txt
2014-11-18 00:15 - 2014-12-15 01:56 - 01234601 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 00:13 - 2014-12-15 00:45 - 00008096 _____ () C:\WINDOWS\PFRO.log
2014-11-18 00:07 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141118-000716.backup
2014-11-18 00:06 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141118-000620.backup
2014-11-17 16:40 - 2014-11-17 16:40 - 00000166 _____ () C:\Users\William\Downloads\listen.asx
2014-11-17 13:58 - 2014-11-03 16:04 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434465.dll
2014-11-17 13:58 - 2014-11-03 16:04 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434465.dll
2014-11-17 13:55 - 2014-10-03 11:23 - 00038216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-11-17 13:55 - 2014-10-03 11:23 - 00035144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-11-17 13:55 - 2014-10-03 11:23 - 00032584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 02:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-15 01:55 - 2013-11-16 19:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-15 01:07 - 2014-11-14 21:02 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871.job
2014-12-15 01:06 - 2014-02-22 21:45 - 00004984 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FLORENCIA-William Florencia
2014-12-15 00:51 - 2013-11-15 00:14 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1787851555-3533030999-402119898-1002
2014-12-15 00:51 - 2013-09-29 20:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-15 00:48 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-15 00:46 - 2014-11-14 21:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 00:46 - 2013-12-01 00:51 - 00000000 ___DO () C:\Users\William\SkyDrive
2014-12-15 00:45 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-15 00:44 - 2013-11-06 17:49 - 00014848 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-15 00:44 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-14 22:52 - 2014-01-01 17:36 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{65B76E5E-3F8B-41AF-9909-B4586A51D912}
2014-12-14 02:45 - 2014-07-09 01:58 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-14 02:45 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-13 15:35 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-13 15:34 - 2013-11-15 21:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 15:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 15:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 15:32 - 2013-11-15 21:48 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 16:27 - 2014-07-11 02:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 15:55 - 2013-11-16 19:00 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-21 01:02 - 2014-10-19 23:48 - 01707532 _____ (Thisisu) C:\Users\William\Downloads\JRT.exe
2014-11-21 00:58 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-11-21 00:00 - 2014-07-09 01:08 - 00000000 ____D () C:\Users\William\AppData\Roaming\BitTorrent
2014-11-21 00:00 - 2014-03-27 22:33 - 00000000 ____D () C:\AdwCleaner
2014-11-20 19:12 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-20 14:19 - 2014-09-29 01:53 - 00000000 ____D () C:\Temp
2014-11-20 14:19 - 2013-11-06 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-18 01:48 - 2013-12-01 00:17 - 00000000 ____D () C:\Users\William
Some content of TEMP:
====================
C:\Users\William\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-12 04:27
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by William at 2014-12-15 02:02:45
Running from C:\Users\William\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
BitTorrent (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
eApp (HKLM-x32\...\{0FD1E53F-FD21-4A6B-ADB6-A044FC4DBAA1}) (Version: 2.00 - AIL)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
ExpressCache (HKLM\...\{6E55C9F8-138E-4128-8A9F-6464725BE98A}) (Version: 1.0.102.0 - Condusiv Technologies)
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.19.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5001.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5001.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{7E9123BE-E96E-46EF-A097-6EEC2065F752}) (Version: 8.5.5.2 - Nitro)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
StageLight (HKLM\...\StageLight) (Version: 1.3.0.4350 - Open Labs, LLC.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1787851555-3533030999-402119898-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1787851555-3533030999-402119898-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
11-12-2014 23:24:39 Windows Update
15-12-2014 08:34:03 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-06-02 22:17 - 2014-07-26 01:55 - 08289788 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info
127.0.0.1 08srvr.combineads.info
127.0.0.1 12srvr.combineads.info
127.0.0.1 2010-fr.com
127.0.0.1 2012-new.biz
127.0.0.1 212link.com
127.0.0.1 2319825.ourtoolbar.com
127.0.0.1 24h00business.com
127.0.0.1 a.adorika.net
127.0.0.1 a.ad-sys.com
127.0.0.1 a.daasafterdusk.com
127.0.0.1 ad.adn360.com
127.0.0.1 adcash.com
127.0.0.1 adeartss.eu
127.0.0.1 adesoeasy.eu
127.0.0.1 adf.girldatesforfree.net
127.0.0.1 adm.soft365.com
127.0.0.1 adomicileavail.googlepages.com
127.0.0.1 ads7.complexadveising.com
127.0.0.1 ads.adplxmd.com
127.0.0.1 ads.aff.co
127.0.0.1 ads.alpha00001.com
127.0.0.1 ads.cloud4ads.com
127.0.0.1 ads.egdating.net
127.0.0.1 ads.eorezo.com
127.0.0.1 ads.hooqy.com
127.0.0.1 ads.pornerbros.com
127.0.0.1 ads.realken.com
127.0.0.1 ads.regiedepub.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D78375D-8A74-489D-9A9A-BE3D83EE1B62} - System32\Tasks\{B0706191-1934-41FA-A144-DDFAFBD67E43} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {18FC36DE-D6A2-4434-BA28-9F060A9651EF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2E55578D-D72B-4B7F-9B50-9FFF3EFA4B0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {36F81FFD-9A32-4145-A237-0B984733F8FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {56BE943F-1FC1-45C5-80E7-B8D19C45DAFD} - System32\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {5FCD2A30-DCC4-4EEC-8110-A02666AE3205} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
Task: {5FD48BA0-EC9C-4E8A-97D4-C0C4320002E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {66E4978F-7786-402C-9A97-4713656AFD74} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {6A20D182-46CA-42BA-9705-2415EC6145E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {76D9D055-1C9C-44C7-B0E0-C1507C4BB12D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation)
Task: {8F12698B-754C-4E74-BEB7-343A639EC034} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {AB41CDDC-A6CF-4F7C-8EA6-F8E2FD95F7A2} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1787851555-3533030999-402119898-1002
Task: {BB77C989-DB88-483A-8C0E-C38E12F1B8F3} - System32\Tasks\{A380AA2B-77C2-4EAC-B97B-637458136D4D} => pcalua.exe -a "C:\Program Files (x86)\qBittorrent\uninst.exe"
Task: {C7ECD98F-2D6E-45A6-BAFC-4CC0A1EFFA2A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {CE087E31-1A58-40BD-8A55-9FD73B94BFB6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {E4927CF0-322E-474C-94BF-1864B471E4B9} - System32\Tasks\GoogleUpdateTaskMachineUA1cee1e159db4908 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {E8BD714C-C470-4A92-9519-E8ACEF217B45} - System32\Tasks\{D991F849-67C0-4B5D-9A6E-4A045257A854} => pcalua.exe -a "C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.2.5952.0\AdAwareUpdater.exe" -c --uninstall
Task: {F57DB872-8E73-43BC-A5FE-4E8B7DF6B929} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F9384E77-5B91-49FC-9354-249A3B9B0D40} - System32\Tasks\Microsoft Office 15 Sync Maintenance for FLORENCIA-William Florencia => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-11-06 17:04 - 2014-11-12 13:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-13 13:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-06 17:40 - 2012-04-24 18:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-11-06 17:49 - 2013-11-06 17:49 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-06 17:49 - 2013-11-06 17:49 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-11-13 13:27 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-13 23:24 - 2014-08-13 23:24 - 00453448 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-03-13 14:55 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-13 14:55 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-13 14:55 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-13 14:55 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-13 14:55 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-13 13:26 - 2014-11-13 13:26 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-11-06 17:13 - 2013-05-15 19:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-11 15:28 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 15:27 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 15:28 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 15:27 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 15:28 - 2014-12-05 17:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\William\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "UMonit64"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"
HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\StartupApproved\Run: => "BitTorrent"
========================= Accounts: ==========================
Administrator (S-1-5-21-1787851555-3533030999-402119898-500 - Administrator - Disabled)
Guest (S-1-5-21-1787851555-3533030999-402119898-501 - Limited - Disabled)
William (S-1-5-21-1787851555-3533030999-402119898-1002 - Administrator - Enabled) => C:\Users\William
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/15/2014 00:44:42 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
Error: (12/14/2014 02:45:43 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]
Error: (12/14/2014 00:05:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a6c
Start Time: 01d0177404c620fd
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: f83d7b12-8367-11e4-bf4f-00c2c61df9f1
Faulting package full name: 36114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6
Faulting package-relative application ID: App
Error: (12/12/2014 00:47:26 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (12/11/2014 03:28:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: FLORENCIA)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (11/21/2014 01:41:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (11/21/2014 01:20:20 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
Error: (11/21/2014 00:00:54 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
Error: (11/20/2014 07:47:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1758
Start Time: 01d0053d1f9d27e5
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: 131a3849-7131-11e4-bf4c-00c2c61df9f1
Faulting package full name: 36114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6
Faulting package-relative application ID: App
Error: (11/20/2014 05:36:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
Server stack trace:
at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
at IAStorDataMgrSvcInterfaces.IPublisher.GetServerBit()
at IAStorIcon.StorageIcon.<trySubscription>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
System errors:
=============
Error: (12/15/2014 00:41:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/15/2014 00:41:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/15/2014 00:41:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/15/2014 00:41:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/15/2014 00:41:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/13/2014 02:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (12/13/2014 02:22:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (12/13/2014 02:21:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:37:59 AM on 12/13/2014 was unexpected.
Error: (12/11/2014 10:05:34 PM) (Source: DCOM) (EventID: 10016) (User: FLORENCIA)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}FlorenciaWilliamS-1-5-21-1787851555-3533030999-402119898-1002LocalHost (Using LRPC)36114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6S-1-15-2-1108376887-844143325-746510479-3280071419-2016386969-2294150450-2155870708
Error: (11/22/2014 03:57:42 AM) (Source: DCOM) (EventID: 10016) (User: FLORENCIA)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}FlorenciaWilliamS-1-5-21-1787851555-3533030999-402119898-1002LocalHost (Using LRPC)36114Feras.RedditReddHubV2_1.2.2.0_neutral__f4gsjrqj9hqv6S-1-15-2-1148596783-594735828-1081024010-608906154-3600108251-3105977856-1419927739
Microsoft Office Sessions:
=========================
Error: (12/15/2014 00:44:42 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
Error: (12/14/2014 02:45:43 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]
Error: (12/14/2014 00:05:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841a6c01d0177404c620fd4294967295C:\WINDOWS\system32\backgroundTaskHost.exef83d7b12-8367-11e4-bf4f-00c2c61df9f136114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6App
Error: (12/12/2014 00:47:26 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
Error: (12/11/2014 03:28:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: FLORENCIA)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
Error: (11/21/2014 01:41:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (11/21/2014 01:20:20 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
Error: (11/21/2014 00:00:54 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
Error: (11/20/2014 07:47:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384175801d0053d1f9d27e54294967295C:\WINDOWS\system32\backgroundTaskHost.exe131a3849-7131-11e4-bf4c-00c2c61df9f136114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6App
Error: (11/20/2014 05:36:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
Server stack trace:
at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
at IAStorDataMgrSvcInterfaces.IPublisher.GetServerBit()
at IAStorIcon.StorageIcon.<trySubscription>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
CodeIntegrity Errors:
===================================
Date: 2014-10-19 15:41:11.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-12 10:43:02.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8104.27 MB
Available physical RAM: 4367.52 MB
Total Pagefile: 12690.27 MB
Available Pagefile: 8617.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.47 GB) (Free:823.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: EA3E1B9D)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EA3E1B9E)
Partition: GPT Partition Type.
==================== End Of Log ============================
Similar threads
- Locked
