Infected Trovi, I mistakenly skipped a step and can't go back, too late.
<blockquote data-quote="ezkmfe" data-source="post: 315362" data-attributes="member: 31745"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01</p><p>Ran by William (administrator) on FLORENCIA on 15-12-2014 02:02:22</p><p>Running from C:\Users\William\Downloads</p><p>Loaded Profile: William (Available profiles: William)</p><p>Platform: Windows 8.1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe</p><p>(Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe</p><p>(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dasHost.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe</p><p>(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe</p><p>(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe</p><p>() C:\Program Files\CyberLink\Shared files\RichVideo64.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe</p><p>() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe</p><p>(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe</p><p>(Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>() C:\Windows\System32\igfxTray.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe</p><p>(Realtek semiconductor) C:\Windows\RTFTrack.exe</p><p>(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe</p><p>(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe</p><p>(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe</p><p>(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe</p><p>(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe</p><p>(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe</p><p>(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe</p><p>(Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe</p><p>(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe</p><p>(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe</p><p>(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe</p><p>(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)</p><p>HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [453448 2014-08-13] ()</p><p>HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)</p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)</p><p>HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)</p><p>HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-08] ()</p><p>HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)</p><p>HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-06] (Lenovo (Beijing) Limited)</p><p>HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-06] (Lenovo(beijing) Limited)</p><p>HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart</p><p>HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 
2014-11-06] (NVIDIA Corporation)</p><p>HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)</p><p>HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp</p><p>HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-02-01] (cyberlink)</p><p>HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. 
KG)</p><p>HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)</p><p>HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)</p><p>Winlogon\Notify\igfxcui: igfxdev.dll [X]</p><p>HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Run: [BitTorrent] => C:\Users\William\AppData\Roaming\BitTorrent\BitTorrent.exe [1388376 2014-11-07] (BitTorrent Inc.)</p><p>HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)</p><p>HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\RunOnce: [Adobe Speed Launcher] => 1418633209</p><p>AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2014-11-12] (NVIDIA Corporation)</p><p>AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-12] (NVIDIA Corporation)</p><p>AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-12] (NVIDIA Corporation)</p><p>AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-12] (NVIDIA Corporation)</p><p>ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p>ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)</p><p>ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)</p><p>ShellIconOverlayIdentifiers: 
[SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)</p><p>ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.</p><p>ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.</p><p>ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = </p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = </p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = </p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>SearchScopes: HKU\S-1-5-21-1787851555-3533030999-402119898-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = <a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a></p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)</p><p>BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)</p><p>DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} </p><p>Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113</p><p>FF NetworkProxy: "http", "127.0.0.1"</p><p>FF NetworkProxy: "http_port", 8118</p><p>FF NetworkProxy: "ssl", "127.0.0.1"</p><p>FF NetworkProxy: "ssl_port", 8118</p><p>FF NetworkProxy: "type", 0</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()</p><p>FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)</p><p>FF Plugin-x32: 
@nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF SearchPlugin: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\searchplugins\yahoo_ff.xml</p><p>FF Extension: HTTPS-Everywhere - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\Extensions\<a href="mailto:https-everywhere@eff.org">https-everywhere@eff.org</a> [2014-10-19]</p><p>FF Extension: AddThis - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\qsasoabg.default-1399773856113\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2014-07-26]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Search by Image for Google™) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli [2014-07-10]</p><p>CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]</p><p>CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]</p><p>CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2014-05-31]</p><p>CHR Extension: (Google Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]</p><p>CHR Extension: (Avira Browser Safety) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-10]</p><p>CHR Extension: (HTTPS Everywhere) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-09-30]</p><p>CHR Extension: (TinEye Reverse Image Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-07-10]</p><p>CHR Extension: (Keep My Opt-Outs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-07-10]</p><p>CHR Extension: (Webutation) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2014-07-10]</p><p>CHR Extension: (Google Wallet) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]</p><p>CHR Extension: (Hover Zoom) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-07-10]</p><p>CHR Extension: (SEO Global For Google Search™) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2014-07-10]</p><p>CHR Extension: (Picasa) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-07-17]</p><p>CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)</p><p>R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)</p><p>S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG)</p><p>R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)</p><p>R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)</p><p>S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-02-01] (CyberLink)</p><p>R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)</p><p>R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)</p><p>R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)</p><p>R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)</p><p>R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)</p><p>R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files 
(x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)</p><p>S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()</p><p>R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)</p><p>R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)</p><p>R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)</p><p>R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()</p><p>R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)</p><p>R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)</p><p>R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)</p><p>R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-06] ()</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)</p><p>S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG)</p><p>R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG)</p><p>R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)</p><p>R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)</p><p>R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)</p><p>R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)</p><p>S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)</p><p>R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)</p><p>R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)</p><p>R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)</p><p>R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-05-25] (Intel Corporation)</p><p>R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3349984 2014-05-25] (Intel Corporation)</p><p>R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)</p><p>R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)</p><p>R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)</p><p>R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-25] (Synaptics Incorporated)</p><p>S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-03-09] ()</p><p>R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)</p><p>S3 WdNisDrv; 
C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)</p><p>S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-15 02:02 - 2014-12-15 02:02 - 00024829 _____ () C:\Users\William\Downloads\FRST.txt</p><p>2014-12-15 02:01 - 2014-12-15 02:02 - 00000000 ____D () C:\FRST</p><p>2014-12-15 01:37 - 2014-12-15 01:37 - 00001175 _____ () C:\Users\William\Desktop\FRST64 - Shortcut.lnk</p><p>2014-12-15 01:29 - 2014-12-15 01:29 - 02119168 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe</p><p>2014-12-15 01:16 - 2014-12-15 01:16 - 00000000 ___SH () C:\DkHyperbootSync</p><p>2014-12-15 00:44 - 2014-12-15 00:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe</p><p>2014-12-15 00:34 - 2014-12-15 00:46 - 00011089 _____ () C:\zoek-results.log</p><p>2014-12-15 00:30 - 2014-12-15 00:41 - 00000000 ____D () C:\zoek_backup</p><p>2014-12-15 00:30 - 2014-12-15 00:30 - 00001428 _____ () C:\Users\William\Desktop\zoek - Shortcut.lnk</p><p>2014-12-15 00:28 - 2014-12-15 00:28 - 01295360 _____ () C:\Users\William\Downloads\zoek.exe</p><p>2014-12-14 02:45 - 2014-12-14 02:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser</p><p>2014-12-13 15:32 - 2014-11-26 13:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2014-12-13 15:32 - 2014-11-26 13:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-12-11 15:37 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll</p><p>2014-12-11 15:37 
- 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll</p><p>2014-12-11 15:36 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll</p><p>2014-12-11 15:36 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll</p><p>2014-12-11 15:33 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll</p><p>2014-12-11 15:33 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2014-12-11 15:33 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2014-12-11 15:33 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2014-12-11 15:33 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll</p><p>2014-12-11 15:33 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2014-12-11 15:33 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll</p><p>2014-12-11 15:33 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec</p><p>2014-12-11 15:33 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:22 - 
19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec</p><p>2014-12-11 15:33 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll</p><p>2014-12-11 15:33 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2014-12-11 15:33 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl</p><p>2014-12-11 15:33 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\iepeers.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl</p><p>2014-12-11 15:33 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll</p><p>2014-12-11 15:33 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2014-12-11 15:33 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2014-12-11 15:33 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll</p><p>2014-12-11 15:33 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll</p><p>2014-12-11 15:33 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll</p><p>2014-12-11 15:33 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\MrmCoreR.dll</p><p>2014-12-11 15:33 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll</p><p>2014-12-11 15:33 - 2014-10-12 18:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys</p><p>2014-12-11 15:33 - 2014-10-12 18:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys</p><p>2014-12-11 15:33 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys</p><p>2014-12-11 15:33 - 2014-10-12 18:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys</p><p>2014-12-11 15:29 - 2014-12-11 15:29 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk</p><p>2014-11-20 23:52 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141120-235211.backup</p><p>2014-11-20 14:19 - 2014-11-20 14:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV</p><p>2014-11-20 14:19 - 2014-11-20 14:19 - 00000000 ____D () C:\WINDOWS\system32\NV</p><p>2014-11-20 14:19 - 2014-11-12 13:56 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll</p><p>2014-11-20 14:18 - 2014-11-20 14:18 - 00000000 _____ () C:\WINDOWS\setuperr.log</p><p>2014-11-20 14:18 - 2014-11-20 14:18 - 00000000 _____ () C:\WINDOWS\setupact.log</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 31893136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 24557712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 20986592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 19966344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 18514616 _____ (NVIDIA 
Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 16884632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 14032984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 13944952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 13213512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 11397744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 11336432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 04292416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 04011208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 03262784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 02874456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434475.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 01540424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434475.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00964928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00923792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll</p><p>2014-11-20 
14:18 - 2014-11-12 16:20 - 00900928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00871648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00031560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys</p><p>2014-11-20 14:18 - 2014-11-12 16:20 - 00027094 _____ () C:\WINDOWS\system32\nvinfo.pb</p><p>2014-11-18 16:23 - 2014-11-18 16:23 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive(2).torrent</p><p>2014-11-18 16:20 - 2014-11-18 16:20 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive(1).torrent</p><p>2014-11-18 15:00 - 2014-11-18 15:00 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive.torrent</p><p>2014-11-18 13:49 - 2014-11-22 01:41 - 00001628 _____ () C:\Users\William\Desktop\laigualdadsocial00aren - Shortcut.lnk</p><p>2014-11-18 13:49 - 2014-11-22 01:41 - 00001628 _____ () C:\Users\William\Desktop\laigualdadsocial00aren - Shortcut 
(2).lnk</p><p>2014-11-18 13:38 - 2014-11-18 13:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\foobar2000</p><p>2014-11-18 13:38 - 2014-11-18 13:38 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk</p><p>2014-11-18 13:38 - 2014-11-18 13:38 - 00001058 _____ () C:\Users\Public\Desktop\foobar2000.lnk</p><p>2014-11-18 13:38 - 2014-11-18 13:38 - 00000000 ____D () C:\Program Files (x86)\foobar2000</p><p>2014-11-18 13:36 - 2014-11-18 13:36 - 03828176 _____ (foobar2000.org) C:\Users\William\Downloads\foobar2000_v1.3.5.exe</p><p>2014-11-18 13:29 - 2014-11-18 13:29 - 00001002 _____ () C:\Users\Public\Desktop\Winamp.lnk</p><p>2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in</p><p>2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp</p><p>2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect</p><p>2014-11-18 13:28 - 2014-11-18 13:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Winamp</p><p>2014-11-18 13:23 - 2014-11-18 13:26 - 12432368 _____ (Nullsoft, Inc.) 
C:\Users\William\Downloads\winamp5666_full_en-us.exe</p><p>2014-11-18 13:06 - 2014-11-18 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org</p><p>2014-11-18 13:06 - 2014-11-18 13:06 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org</p><p>2014-11-18 13:04 - 2014-11-18 13:04 - 02653944 _____ (Xiph.Org) C:\Users\William\Downloads\opencodecs_0.85.17777.exe</p><p>2014-11-18 12:50 - 2014-11-18 12:50 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473</p><p>2014-11-18 12:32 - 2014-11-18 12:32 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieBrowserModeList</p><p>2014-11-18 12:06 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll</p><p>2014-11-18 12:06 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll</p><p>2014-11-18 12:05 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files (x86)\Winamp</p><p>2014-11-18 12:02 - 2014-11-18 12:02 - 10328598 _____ (Nullsoft, Inc.) 
C:\Users\William\Downloads\winamp5666_full_en-us_redux.exe</p><p>2014-11-18 11:42 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll</p><p>2014-11-18 11:42 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll</p><p>2014-11-18 11:42 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll</p><p>2014-11-18 11:42 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll</p><p>2014-11-18 00:26 - 2014-11-18 00:26 - 00000624 _____ () C:\Users\William\Desktop\JRT.txt</p><p>2014-11-18 00:15 - 2014-12-15 01:56 - 01234601 _____ () C:\WINDOWS\WindowsUpdate.log</p><p>2014-11-18 00:13 - 2014-12-15 00:45 - 00008096 _____ () C:\WINDOWS\PFRO.log</p><p>2014-11-18 00:07 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141118-000716.backup</p><p>2014-11-18 00:06 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141118-000620.backup</p><p>2014-11-17 16:40 - 2014-11-17 16:40 - 00000166 _____ () C:\Users\William\Downloads\listen.asx</p><p>2014-11-17 13:58 - 2014-11-03 16:04 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434465.dll</p><p>2014-11-17 13:58 - 2014-11-03 16:04 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434465.dll</p><p>2014-11-17 13:55 - 2014-10-03 11:23 - 00038216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys</p><p>2014-11-17 13:55 - 2014-10-03 11:23 - 00035144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll</p><p>2014-11-17 13:55 - 2014-10-03 11:23 - 00032584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-15 02:00 - 2013-08-22 07:36 - 00000000 ____D () 
C:\WINDOWS\system32\sru</p><p>2014-12-15 01:55 - 2013-11-16 19:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2014-12-15 01:07 - 2014-11-14 21:02 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871.job</p><p>2014-12-15 01:06 - 2014-02-22 21:45 - 00004984 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FLORENCIA-William Florencia</p><p>2014-12-15 00:51 - 2013-11-15 00:14 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1787851555-3533030999-402119898-1002</p><p>2014-12-15 00:51 - 2013-09-29 20:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2014-12-15 00:48 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness</p><p>2014-12-15 00:46 - 2014-11-14 21:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-12-15 00:46 - 2013-12-01 00:51 - 00000000 ___DO () C:\Users\William\SkyDrive</p><p>2014-12-15 00:45 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT</p><p>2014-12-15 00:44 - 2013-11-06 17:49 - 00014848 _____ () C:\WINDOWS\system32\VfService.trf</p><p>2014-12-15 00:44 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI</p><p>2014-12-14 22:52 - 2014-01-01 17:36 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{65B76E5E-3F8B-41AF-9909-B4586A51D912}</p><p>2014-12-14 02:45 - 2014-07-09 01:58 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel</p><p>2014-12-14 02:45 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions</p><p>2014-12-13 15:35 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp</p><p>2014-12-13 15:34 - 2013-11-15 21:48 - 00000000 ____D () C:\WINDOWS\system32\MRT</p><p>2014-12-13 15:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS</p><p>2014-12-13 15:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS</p><p>2014-12-13 15:32 - 2013-11-15 21:48 - 112710672 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2014-12-11 16:27 - 2014-07-11 02:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-12-11 15:55 - 2013-11-16 19:00 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater</p><p>2014-11-21 01:02 - 2014-10-19 23:48 - 01707532 _____ (Thisisu) C:\Users\William\Downloads\JRT.exe</p><p>2014-11-21 00:58 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Resources</p><p>2014-11-21 00:00 - 2014-07-09 01:08 - 00000000 ____D () C:\Users\William\AppData\Roaming\BitTorrent</p><p>2014-11-21 00:00 - 2014-03-27 22:33 - 00000000 ____D () C:\AdwCleaner</p><p>2014-11-20 19:12 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache</p><p>2014-11-20 14:19 - 2014-09-29 01:53 - 00000000 ____D () C:\Temp</p><p>2014-11-20 14:19 - 2013-11-06 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA</p><p>2014-11-18 01:48 - 2013-12-01 00:17 - 00000000 ____D () C:\Users\William</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\William\AppData\Local\Temp\avgnt.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally 
signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-12-12 04:27</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="ezkmfe, post: 315362, member: 31745"]
Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-06] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies) R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-05-25] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3349984 2014-05-25] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-25] (Synaptics Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-03-09] () R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-15 02:02 - 2014-12-15 02:02 - 00024829 _____ () C:\Users\William\Downloads\FRST.txt 2014-12-15 02:01 - 2014-12-15 02:02 - 00000000 ____D () C:\FRST 2014-12-15 01:37 - 2014-12-15 01:37 - 00001175 _____ () C:\Users\William\Desktop\FRST64 - Shortcut.lnk 2014-12-15 01:29 - 2014-12-15 01:29 - 02119168 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe 2014-12-15 01:16 - 2014-12-15 01:16 - 00000000 ___SH () C:\DkHyperbootSync 2014-12-15 00:44 - 2014-12-15 00:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe 2014-12-15 00:34 - 2014-12-15 00:46 - 00011089 _____ () C:\zoek-results.log 2014-12-15 00:30 - 2014-12-15 00:41 - 00000000 ____D () C:\zoek_backup 2014-12-15 00:30 - 2014-12-15 00:30 - 00001428 _____ () C:\Users\William\Desktop\zoek - Shortcut.lnk 2014-12-15 00:28 - 2014-12-15 00:28 - 01295360 _____ () C:\Users\William\Downloads\zoek.exe 2014-12-14 02:45 - 2014-12-14 02:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-13 15:32 - 2014-11-26 13:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-12-13 15:32 - 2014-11-26 13:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-11 15:37 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 15:37 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 15:36 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 15:36 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 15:33 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-11 15:33 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-11 15:33 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-11 
15:33 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-11 15:33 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-11 15:33 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-11 15:33 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-11 15:33 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 15:33 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 15:33 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 15:33 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 15:33 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 15:33 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 15:33 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 15:33 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 15:33 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 15:33 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 15:33 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 15:33 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 15:33 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 15:33 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 15:33 - 2014-11-21 18:01 - 02277888 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 15:33 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 15:33 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 15:33 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 15:33 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 15:33 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 15:33 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 15:33 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 15:33 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 15:33 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 15:33 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 15:33 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 15:33 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 15:33 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 15:33 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 15:33 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 15:33 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 15:33 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 15:33 - 2014-11-21 17:22 - 02052096 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 15:33 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 15:33 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 15:33 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 15:33 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 15:33 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 15:33 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 15:33 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 15:33 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 15:33 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 15:33 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 15:33 - 2014-10-12 18:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 15:33 - 2014-10-12 18:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 15:33 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 15:33 - 2014-10-12 18:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 15:29 - 2014-12-11 15:29 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-20 23:52 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141120-235211.backup 2014-11-20 14:19 - 2014-11-20 14:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2014-11-20 14:19 - 2014-11-20 14:19 - 00000000 ____D () 
C:\WINDOWS\system32\NV 2014-11-20 14:19 - 2014-11-12 13:56 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2014-11-20 14:18 - 2014-11-20 14:18 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-11-20 14:18 - 2014-11-20 14:18 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-11-20 14:18 - 2014-11-12 16:20 - 31893136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 24557712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 20986592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 19966344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 16884632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 14032984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 13944952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 13213512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2014-11-20 14:18 - 2014-11-12 16:20 - 11397744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 11336432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 04292416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 04011208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 03262784 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvapi64.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 02874456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434475.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 01540424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434475.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00964928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00923792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00900928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00871648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2014-11-20 14:18 - 2014-11-12 16:20 - 00031560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys 
2014-11-20 14:18 - 2014-11-12 16:20 - 00027094 _____ () C:\WINDOWS\system32\nvinfo.pb 2014-11-18 16:23 - 2014-11-18 16:23 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive(2).torrent 2014-11-18 16:20 - 2014-11-18 16:20 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive(1).torrent 2014-11-18 15:00 - 2014-11-18 15:00 - 00058658 _____ () C:\Users\William\Downloads\da2008-11-22.schoeps_21_24bit_archive.torrent 2014-11-18 13:49 - 2014-11-22 01:41 - 00001628 _____ () C:\Users\William\Desktop\laigualdadsocial00aren - Shortcut.lnk 2014-11-18 13:49 - 2014-11-22 01:41 - 00001628 _____ () C:\Users\William\Desktop\laigualdadsocial00aren - Shortcut (2).lnk 2014-11-18 13:38 - 2014-11-18 13:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\foobar2000 2014-11-18 13:38 - 2014-11-18 13:38 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2014-11-18 13:38 - 2014-11-18 13:38 - 00001058 _____ () C:\Users\Public\Desktop\foobar2000.lnk 2014-11-18 13:38 - 2014-11-18 13:38 - 00000000 ____D () C:\Program Files (x86)\foobar2000 2014-11-18 13:36 - 2014-11-18 13:36 - 03828176 _____ (foobar2000.org) C:\Users\William\Downloads\foobar2000_v1.3.5.exe 2014-11-18 13:29 - 2014-11-18 13:29 - 00001002 _____ () C:\Users\Public\Desktop\Winamp.lnk 2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in 2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2014-11-18 13:29 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect 2014-11-18 13:28 - 2014-11-18 13:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Winamp 2014-11-18 13:23 - 2014-11-18 13:26 - 12432368 _____ (Nullsoft, Inc.) 
C:\Users\William\Downloads\winamp5666_full_en-us.exe 2014-11-18 13:06 - 2014-11-18 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org 2014-11-18 13:06 - 2014-11-18 13:06 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org 2014-11-18 13:04 - 2014-11-18 13:04 - 02653944 _____ (Xiph.Org) C:\Users\William\Downloads\opencodecs_0.85.17777.exe 2014-11-18 12:50 - 2014-11-18 12:50 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-11-18 12:32 - 2014-11-18 12:32 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieBrowserModeList 2014-11-18 12:06 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll 2014-11-18 12:06 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll 2014-11-18 12:05 - 2014-11-18 13:29 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-11-18 12:02 - 2014-11-18 12:02 - 10328598 _____ (Nullsoft, Inc.) C:\Users\William\Downloads\winamp5666_full_en-us_redux.exe 2014-11-18 11:42 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-18 11:42 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-18 11:42 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-18 11:42 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2014-11-18 00:26 - 2014-11-18 00:26 - 00000624 _____ () C:\Users\William\Desktop\JRT.txt 2014-11-18 00:15 - 2014-12-15 01:56 - 01234601 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-18 00:13 - 2014-12-15 00:45 - 00008096 _____ () C:\WINDOWS\PFRO.log 2014-11-18 00:07 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141118-000716.backup 2014-11-18 00:06 - 2014-07-26 01:55 - 08289788 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141118-000620.backup 2014-11-17 16:40 - 2014-11-17 16:40 - 
00000166 _____ () C:\Users\William\Downloads\listen.asx 2014-11-17 13:58 - 2014-11-03 16:04 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434465.dll 2014-11-17 13:58 - 2014-11-03 16:04 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434465.dll 2014-11-17 13:55 - 2014-10-03 11:23 - 00038216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2014-11-17 13:55 - 2014-10-03 11:23 - 00035144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2014-11-17 13:55 - 2014-10-03 11:23 - 00032584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-15 02:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-15 01:55 - 2013-11-16 19:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-15 01:07 - 2014-11-14 21:02 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871.job 2014-12-15 01:06 - 2014-02-22 21:45 - 00004984 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FLORENCIA-William Florencia 2014-12-15 00:51 - 2013-11-15 00:14 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1787851555-3533030999-402119898-1002 2014-12-15 00:51 - 2013-09-29 20:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-15 00:48 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-15 00:46 - 2014-11-14 21:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-15 00:46 - 2013-12-01 00:51 - 00000000 ___DO () C:\Users\William\SkyDrive 2014-12-15 00:45 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-15 00:44 - 2013-11-06 17:49 - 00014848 _____ () C:\WINDOWS\system32\VfService.trf 2014-12-15 00:44 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 
2014-12-14 22:52 - 2014-01-01 17:36 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{65B76E5E-3F8B-41AF-9909-B4586A51D912} 2014-12-14 02:45 - 2014-07-09 01:58 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-14 02:45 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-13 15:35 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-13 15:34 - 2013-11-15 21:48 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-13 15:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-13 15:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-13 15:32 - 2013-11-15 21:48 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 16:27 - 2014-07-11 02:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-11 15:55 - 2013-11-16 19:00 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-11-21 01:02 - 2014-10-19 23:48 - 01707532 _____ (Thisisu) C:\Users\William\Downloads\JRT.exe 2014-11-21 00:58 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Resources 2014-11-21 00:00 - 2014-07-09 01:08 - 00000000 ____D () C:\Users\William\AppData\Roaming\BitTorrent 2014-11-21 00:00 - 2014-03-27 22:33 - 00000000 ____D () C:\AdwCleaner 2014-11-20 19:12 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-11-20 14:19 - 2014-09-29 01:53 - 00000000 ____D () C:\Temp 2014-11-20 14:19 - 2013-11-06 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-18 01:48 - 2013-12-01 00:17 - 00000000 ____D () C:\Users\William Some content of TEMP: ==================== C:\Users\William\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-12 04:27 ==================== End Of Log ============================ [/QUOTE]