JonahAnthony

Honorary Members
  • Posts

    28
Posts posted by JonahAnthony

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

    Ran by jonah_000 at 2015-02-10 16:26:21

    Running from C:\Users\jonah_000\Desktop

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

     Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden

    .NET Reflector Desktop (HKLM-x32\...\{60EDFDF5-224E-4CB3-8BE8-55A6D852C0A8}) (Version: 8.3.3.115 - Red Gate Software Ltd)

    .NET Reflector Visual Studio Extension 8.3 (HKLM-x32\...\{78AB5E88-4A49-43FF-9657-37935971F355}) (Version: 8.3.3.115 - Red Gate Software Ltd)

    .NET Streamer (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\24ce9279ad03bb02) (Version: 4.0.0.4 - TRANSLU6DE)

    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)

    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)

    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

    AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)

    AlienFX for KoneXTD (Version: 1.02 - Roccat GmbH) Hidden

    altPUG (HKLM-x32\...\{4FC41018-ABBF-47A0-B917-2DA88C04DA7D}) (Version: 1.2 - altPUG LLC)

    Angry Birds Star Wars II 1.0.4 (HKLM-x32\...\Angry Birds Star Wars II 1.0.4) (Version: 1.0.4 - Cat-A-Cat)

    Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)

    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)

    Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)

    Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)

    Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )

    Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

    Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)

    Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden

    Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)

    Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)

    Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)

    Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)

    Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden

    Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)

    Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)

    Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)

    Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)

    Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.0.1335.0 - Autodesk)

    Autodesk Maya 2015 (Version: 15.0.1335.0 - Autodesk) Hidden

    Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)

    Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden

    AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden

    Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)

    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)

    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)

    Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)

    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

    Battlestar Galactica (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_f89da3e39e25e3d2803f4028a3b83c692154961e) (Version: v1.1.1 - Pokki)

    BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

    Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden

    Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden

    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)

    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)

    Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden

    Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden

    Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden

    Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden

    Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden

    Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden

    Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden

    Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)

    Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)

    Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)

    Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)

    Camtasia Studio 8 (HKLM-x32\...\{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}) (Version: 8.4.2.1768 - TechSmith Corporation)

    CCG Launcher version 0.7 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.7 - Custom Combat Gaming)

    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

    CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )

    Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)

    Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

    Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

    Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

    Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

    Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)

    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

    DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)

    Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )

    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)

    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden

    Dropbox (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Dropbox) (Version: 3.2.2 - Dropbox, Inc.)

    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)

    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden

    Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)

    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

    Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.9.4 - Telerik)

    Futuremark SystemInfo (HKLM-x32\...\{EC2B7377-A71D-4F99-87BC-792AE239D3B2}) (Version: 4.31.478.0 - Futuremark)

    GameMaker-Studio 1.3 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\GameMaker-Studio13) (Version:  - YoYo Games Ltd.)

    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

    Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)

    Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)

    Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.)

    Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)

    Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)

    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)

    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)

    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )

    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )

    Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)

    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)

    Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)

    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

    Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)

    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)

    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

    Java SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle)

    join.me (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)

    Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)

    K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )

    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)

    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)

    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)

    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden

    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)

    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.26.1 - ELAN Microelectronic Corp.)

    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)

    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)

    LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden

    LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden

    LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden

    LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden

    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)

    LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden

    Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)

    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

    Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.0.1335.0 - mental ray)

    Metro: Last Light © Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )

    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)

    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)

    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

    Microsoft OneDrive (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)

    Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)

    Microsoft SQL Server 2008 Policies (HKLM-x32\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.0.1600.22 - Microsoft Corporation)

    Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{3F7D7ED5-979A-4F96-AE25-DDA54B3E2D2B}) (Version: 10.0.1794.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

    Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM-x32\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)

    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)

    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)

    Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)

    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

    Microsoft Visual Studio Express 2013 for Windows - ENU (HKLM-x32\...\{78095723-ced1-49b3-b0ac-8598452ef0ec}) (Version: 12.0.21005.1 - Microsoft Corporation)

    Microsoft Visual Studio Premium 2013 (HKLM-x32\...\{cbf78dde-975d-44b1-a5a1-17bdd063bf76}) (Version: 12.0.21005.13 - Microsoft Corporation)

    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)

    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

    Module Microsoft Report Viewer pour Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

    MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)

    MorphVOX Pro (HKLM-x32\...\{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)

    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0a1 - Mozilla)

    My Game Long Name (HKLM\...\UDK-b572340e-9cc0-405e-b9a9-2b6eaf1c762c) (Version:  - Epic Games, Inc.)

    Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)

    Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)

    NEOTOKYO° (HKLM-x32\...\Steam App 244630) (Version:  - STUDIO RADI-8)

    Netflix (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_f356775052cadffd19a420ccdfaa87ea13120bef) (Version: 1.0.4.56238 - Pokki)

    Nightly 37.0a1 (x86 en-US) (HKLM-x32\...\Nightly 37.0a1 (x86 en-US)) (Version: 37.0a1 - Mozilla)

    Nitro Pro 8 (HKLM\...\{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}) (Version: 8.5.6.5 - Nitro)

    No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)

    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)

    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

    NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)

    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

    Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)

    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

    Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden

    Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)

    Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)

    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

    Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)

    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)

    PlanetSide 2 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)

    Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)

    PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden

    Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)

    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

    Project3 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Project3) (Version:  - )

    Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)

    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)

    puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)

    Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)

    Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden

    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)

    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

    Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)

    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)

    Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)

    Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )

    ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

    ROBLOX Player for jonah_000 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

    ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)

    ROBLOX Studio 2013 for jonah_000 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)

    ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)

    Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0013 - Roccat GmbH)

    Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)

    SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

    SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden

    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden

    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden

    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

    Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)

    Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden

    Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)

    Snoopy vs. The Red Baron (HKLM-x32\...\Snoopy vs. The Red Baron) (Version:  - NAMCO BANDAI Games)

    SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)

    StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)

    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)

    Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version:  - Aspyr Studios)

    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

    Start Menu (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )

    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)

    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

    System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

    Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)

    Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)

    Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

    The Chronicles of Riddick: Escape From Butcher Bay (HKLM-x32\...\{A8DE8C34-7F51-4cc8-B326-C425793EE741}) (Version: 1.1 - http://www.vugames-europe.com)

    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

    The Godfather (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_923d0f1d35897f6a6a73ba838623cda94c4ab689) (Version: v1.2.5 - Pokki)

    Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)

    Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)

    TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden

    TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden

    Unreal Engine (HKLM\...\{38F69744-A2C5-4913-813B-7001D6CDC130}) (Version: 1.0.3.0 - Epic Games, Inc.)

    Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)

    Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)

    UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden

    Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)

    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

    Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    War Thunder Launcher 1.0.1.302 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)

    WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden

    WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden

    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)

    Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)

    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

    Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden

    Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden

    World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)

    Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

    用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

     

    ==================== Restore Points  =========================

     

    07-02-2015 10:04:34 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

    07-02-2015 10:05:09 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

    08-02-2015 13:06:28 Installed Energy Management

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {0BFC49B4-9EBC-452A-83BB-7006879C0FD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {203F8CBC-303D-47A0-B87C-4F5686BDDB23} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-05] ()

    Task: {34CFF08F-4B2E-48A7-854C-A43E5A851634} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-18] (Microsoft Corporation)

    Task: {3897393D-62EC-43B2-9148-C10577FCFD24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

    Task: {39CD3564-A31C-4379-B8B8-437F0A061B85} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-06-05] ()

    Task: {4A63C308-C092-42C9-BE48-A84804CC8175} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

    Task: {4F0912C2-D2B4-45D5-A4A6-E49031AFBD92} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JONAH-jonah_000 Jonah => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-18] (Microsoft Corporation)

    Task: {75D87707-117C-4238-9955-69E88DB22EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)

    Task: {7E2457ED-AE91-421F-B3B2-1803D9AC7919} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

    Task: {7F1DA4DC-790F-4ED2-82A9-AF30BA714ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)

    Task: {9DD14DF8-6B14-4A34-9586-0CCD12DD8413} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)

    Task: {A1653786-7815-43FE-A5A5-A13CC84DAF0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

    Task: {C4190425-7B78-4646-BF61-A988A2C5B62E} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)

    Task: {C86B4162-A692-4FD8-BEE1-E651E0F6EE5F} - System32\Tasks\Uninstaller_SkipUac_jonah_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)

    Task: {DBF70897-6037-4CAB-A879-1FD8D8D36909} - System32\Tasks\{674098D8-2BA8-4600-B450-F7FE60D55771} => pcalua.exe -a C:\Users\jonah_000\AppData\Local\Roblox\Versions\version-c04585a2d58a4f29\RobloxPlayerLauncher.exe -c -uninstall

    Task: {E0E9BEE5-9223-4D75-B1B5-345B66A3DF36} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE

    Task: {E1DC89D1-A59B-45C5-823A-BF3FF5A8159C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

    Task: {EF7181CC-7252-4EDF-8A69-5024E1095621} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3184068216-3506866942-1434303448-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

    Task: {FAA55874-33B1-4A82-B7C6-AAEF8D7986B6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    Task: C:\windows\Tasks\Uninstaller_SkipUac_jonah_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

     

    ==================== Loaded Modules (whitelisted) ==============

     

    2014-12-07 10:10 - 2015-01-09 17:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2014-12-18 18:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

    2014-04-05 18:46 - 2014-11-02 11:08 - 00076152 _____ () C:\windows\system32\PnkBstrA.exe

    2014-12-09 16:22 - 2014-12-09 16:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

    2013-10-30 16:02 - 2013-10-30 16:02 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

    2013-10-30 16:02 - 2013-10-30 16:02 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll

    2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

    2014-12-18 19:27 - 2014-12-18 19:27 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

    2014-07-19 12:57 - 2014-06-21 00:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll

    2014-07-19 12:57 - 2014-06-21 00:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll

    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    2014-12-24 19:21 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll

    2014-12-10 18:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl

    2014-12-10 18:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl

    2014-12-10 18:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

    2013-10-30 15:40 - 2013-08-08 14:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    2015-02-05 22:59 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll

    2015-02-05 22:59 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll

    2015-02-05 22:59 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

    AlternateDataStreams: C:\Windows:nlsPreferences

    AlternateDataStreams: C:\Users\jonah_000\SkyDrive:ms-properties

    AlternateDataStreams: C:\Users\jonah_000\SkyDrive (2).old:ms-properties

    AlternateDataStreams: C:\Users\jonah_000\SkyDrive (3).old:ms-properties

    AlternateDataStreams: C:\Users\jonah_000\SkyDrive (4).old:ms-properties

    AlternateDataStreams: C:\Users\jonah_000\SkyDrive.old:ms-properties

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16368753.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16368753.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

     

    ==================== EXE Association (whitelisted) ===============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== Other Registry Areas =====================

     

    (Currently there is no automatic fix for this section.)

     

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jonah_000\Desktop\2160p ULTRA HD Wallpaper collection\spectacular_desert_landscape-wallpaper-3840x2160.jpg

     

    ==================== MSCONFIG/TASK MANAGER disabled items ==

     

    (Currently there is no automatic fix for this section.)

     

    HKLM\...\StartupApproved\StartupFolder: => "Snagit 12.lnk"

    HKLM\...\StartupApproved\StartupFolder: => "Roccat Talk.lnk"

    HKLM\...\StartupApproved\Run: => "BTMTrayAgent"

    HKLM\...\StartupApproved\Run: => "OnekeyStudio"

    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

    HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"

    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

    HKLM\...\StartupApproved\Run32: => "RazerGameBooster"

    HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"

    HKLM\...\StartupApproved\Run32: => "ADSKAppManager"

    HKLM\...\StartupApproved\Run32: => "QuickTime Task"

    HKLM\...\StartupApproved\Run32: => "Razer Synapse"

    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"

    HKLM\...\StartupApproved\Run32: => "Andy"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "EADM"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "puush"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Skype"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Steam"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Speech Recognition"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Clownfish"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "SandboxieControl"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "CCleaner"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "GameTracker"

    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Overwolf"

     

    ==================== Accounts: =============================

     

    Administrator (S-1-5-21-3184068216-3506866942-1434303448-500 - Administrator - Disabled)

    Guest (S-1-5-21-3184068216-3506866942-1434303448-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-3184068216-3506866942-1434303448-1004 - Limited - Enabled)

    jonah_000 (S-1-5-21-3184068216-3506866942-1434303448-1002 - Administrator - Enabled) => C:\Users\jonah_000

     

    ==================== Faulty Device Manager Devices =============

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: Windows cannot load classes registry file.

     DETAIL - The configuration registry database is corrupt.

     

    Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

     

     DETAIL - The configuration registry database is corrupt.

     for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: Windows cannot load classes registry file.

     DETAIL - The configuration registry database is corrupt.

     

    Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

     

     DETAIL - The configuration registry database is corrupt.

     for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: Windows cannot load classes registry file.

     DETAIL - The configuration registry database is corrupt.

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

     

     DETAIL - The configuration registry database is corrupt.

     for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: Windows cannot load classes registry file.

     DETAIL - The configuration registry database is corrupt.

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

     

     DETAIL - The configuration registry database is corrupt.

     for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 11:55:59 AM) (Source: SideBySide) (EventID: 78) (User: )

    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

    A component version required by the application conflicts with another component version already active.

    Conflicting components are:.

    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

     

    Error: (02/10/2015 11:55:57 AM) (Source: SideBySide) (EventID: 78) (User: )

    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

    A component version required by the application conflicts with another component version already active.

    Conflicting components are:.

    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

     

     

    System errors:

    =============

    Error: (02/10/2015 11:54:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

    Description: There was an error while attempting to read the local hosts file.

     

    Error: (02/10/2015 11:30:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 28845PhilinoTechnologies.FlappyBird.

     

    Error: (02/10/2015 11:30:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Evernote.Evernote.

     

    Error: (02/10/2015 11:30:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: McAfeeInc.06.McAfeeSecurityAdvisorforLenovo.

     

    Error: (02/10/2015 11:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: E0469640.CameraMan.

     

    Error: (02/10/2015 11:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 600CCC33.GIFViewer.

     

    Error: (02/10/2015 11:30:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: E046963F.LenovoSupport.

     

    Error: (02/10/2015 11:30:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.XboxCompanion.

     

    Error: (02/10/2015 11:30:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 34791E63.CanonInkjetPrintUtility.

     

    Error: (02/10/2015 11:30:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 4DF9E0F8.Netflix.

     

     

    Microsoft Office Sessions:

    =========================

    Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

     

    Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

    C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

     

    Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

    C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

    C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

     

    Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

    Description: The configuration registry database is corrupt.

    C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

     

    Error: (02/10/2015 11:55:59 AM) (Source: SideBySide) (EventID: 78) (User: )

    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\jonah_000\Desktop\esetsmartinstaller_enu.exe

     

    Error: (02/10/2015 11:55:57 AM) (Source: SideBySide) (EventID: 78) (User: )

    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\jonah_000\Desktop\esetsmartinstaller_enu.exe

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2015-01-14 19:08:33.320

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:33.195

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:31.516

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:31.391

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:24.444

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:24.319

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:15.930

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:08:15.789

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:07:23.014

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2015-01-14 19:07:22.874

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

     

    ==================== Memory info =========================== 

     

    Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz

    Percentage of memory in use: 65%

    Total physical RAM: 8104.27 MB

    Available physical RAM: 2833.54 MB

    Total Pagefile: 16296.27 MB

    Available Pagefile: 10806.64 MB

    Total Virtual: 131072 MB

    Available Virtual: 131071.79 MB

     

    ==================== Drives ================================

     

    Drive c: (Windows8_OS) (Fixed) (Total:891.98 GB) (Free:201.34 GB) NTFS

    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:15.3 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (Size: 931.5 GB) (Disk ID: 090CA1D4)

     

    Partition: GPT Partition Type.

     

    ==================== End Of Log ============================

  2. Step 08

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by jonah_000 (administrator) on JONAH on 10-02-2015 16:25:00
    Running from C:\Users\jonah_000\Desktop
    Loaded Profiles: jonah_000 (Available profiles: jonah_000)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\System32\PnkBstrA.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-25] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-06-25] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-14] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2015-02-08] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2015-02-08] (Lenovo(beijing) Limited)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
    HKLM\...\Run: [shadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-21] (Autodesk Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
    HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-09] (Valve Corporation)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-12-25] ()
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-01] (Electronic Arts)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44032 2014-11-22] (Microsoft Corporation)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40688 2015-01-15] (Overwolf LTD)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\RunOnce: [Application Restart #4] => C:\Users\jonah_000\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-01-31] (Pokki)
    AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk
    ShortcutTarget: Roccat Talk.lnk -> C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe (ROCCAT GmbH Co., Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk
    ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
    Startup: C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\jonah_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {4A5FBB3C-FFAE-4ED1-AAD3-984439924A8A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3184068216-3506866942-1434303448-1002 -> {4A5FBB3C-FFAE-4ED1-AAD3-984439924A8A} URL = 
    SearchScopes: HKU\S-1-5-21-3184068216-3506866942-1434303448-1002 -> {F76957F1-0A2F-48B8-A4E1-712201AB50CF} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype4com - No CLSID Value
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: Hosts file not detected in the default directory
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\jonah_000\AppData\Roaming\Mozilla\Firefox\Profiles\c0q31fre.default
    FF SelectedSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: @nsroblox.roblox.com/launcher -> C:\Users\jonah_000\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\jonah_000\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\jonah_000\AppData\Roaming\Mozilla\Firefox\Profiles\c0q31fre.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-10]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-09-28]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
    CHR Extension: (Google Drive) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (Poper Blocker) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2014-03-12]
    CHR Extension: (YouTube) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
    CHR Extension: (Adblock Plus) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-21]
    CHR Extension: (Weebly - Website Builder) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2014-03-12]
    CHR Extension: (Google Search) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
    CHR Extension: (Google Wallet) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
    CHR Extension: (Gmail) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-21] (Autodesk Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [760192 2015-01-10] ()
    R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2014-06-27] (Apple Inc.) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2013-12-31] (Microsoft Corporation)
    S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2014-12-24] (altPUG LLC)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [93016 2014-03-03] (EasyAntiCheat Ltd)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
    S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-10-23] (Futuremark)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
    S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-07] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
    R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-31] (Intel Corporation)
    R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
    R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-11-02] ()
    R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-04-13] ()
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
    R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
    S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-30] ()
    S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-16] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-16] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-09-02] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2014-06-25] (Motorola Solutions, Inc.)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
    R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-05] (ELAN Microelectronic Corp.)
    S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
    R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
    R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2015-02-10] ()
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-06-25] (Intel Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-09-02] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
    R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
    R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
    R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
    R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
    R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-16] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-28] (Microsoft Corporation)
    S3 ChodDriver; \??\C:\windows\system32\drivers\ChodDriver.sys [X]
    S3 cpuz138; \??\C:\windows\TEMP\cpuz138\cpuz138_x64.sys [X]
    S3 GPUZ; \??\C:\windows\TEMP\GPUZ.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-10 16:25 - 2015-02-10 16:25 - 00035464 _____ () C:\Users\jonah_000\Desktop\FRST.txt
    2015-02-10 16:24 - 2015-02-10 16:25 - 00000000 ____D () C:\FRST
    2015-02-10 16:24 - 2015-02-10 16:24 - 02132992 _____ (Farbar) C:\Users\jonah_000\Desktop\FRST64.exe
    2015-02-10 16:22 - 2015-02-10 16:23 - 00000377 _____ () C:\Users\jonah_000\Desktop\ESETscan.txt
    2015-02-10 11:55 - 2015-02-10 11:55 - 02347384 _____ (ESET) C:\Users\jonah_000\Desktop\esetsmartinstaller_enu.exe
    2015-02-10 11:55 - 2015-02-10 11:55 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-02-10 11:54 - 2015-02-10 11:54 - 00001041 _____ () C:\Users\jonah_000\Desktop\MWBscan.txt
    2015-02-10 11:27 - 2015-02-10 11:11 - 00002096 _____ () C:\Users\jonah_000\Desktop\AdwCleaner[s0].txt
    2015-02-10 11:09 - 2015-02-10 11:11 - 00000000 ____D () C:\AdwCleaner
    2015-02-10 11:08 - 2015-02-10 11:08 - 02112512 _____ () C:\Users\jonah_000\Desktop\AdwCleaner.exe
    2015-02-10 11:06 - 2015-02-10 11:06 - 00001685 _____ () C:\Users\jonah_000\Desktop\JRT.txt
    2015-02-10 11:03 - 2015-02-10 11:03 - 01388274 _____ (Thisisu) C:\Users\jonah_000\Desktop\JRT.exe
    2015-02-09 21:23 - 2015-02-09 21:23 - 00000000 ____D () C:\windows\ERDNT
    2015-02-09 21:22 - 2015-02-09 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\jonah_000\Desktop\erunt-setup.exe
    2015-02-09 21:22 - 2015-02-09 21:22 - 00000911 _____ () C:\Users\jonah_000\Desktop\NTREGOPT.lnk
    2015-02-09 21:22 - 2015-02-09 21:22 - 00000892 _____ () C:\Users\jonah_000\Desktop\ERUNT.lnk
    2015-02-09 21:22 - 2015-02-09 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2015-02-09 21:22 - 2015-02-09 21:22 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2015-02-09 19:46 - 2015-02-09 19:48 - 00002306 _____ () C:\Users\jonah_000\Desktop\Rkill.txt
    2015-02-09 19:46 - 2015-02-09 19:46 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\jonah_000\Desktop\rkill.exe
    2015-02-09 19:45 - 2015-02-10 11:17 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
    2015-02-09 19:37 - 2015-02-09 19:38 - 00331456 _____ () C:\windows\Minidump\020915-50078-01.dmp
    2015-02-09 08:16 - 2015-02-09 19:36 - 1665490876 _____ () C:\windows\MEMORY.DMP
    2015-02-09 08:16 - 2015-02-09 08:17 - 00327744 _____ () C:\windows\Minidump\020915-65843-01.dmp
    2015-02-08 13:07 - 2015-02-08 13:07 - 00007250 _____ () C:\windows\DPINST.LOG
    2015-02-08 13:07 - 2015-02-08 13:06 - 00039008 _____ (Lenovo.) C:\windows\system32\Drivers\LhdX64.sys
    2015-02-08 13:07 - 2015-02-08 13:06 - 00019872 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoSDKEmSubSystem.dll
    2015-02-08 13:05 - 2015-02-08 13:05 - 52872808 _____ (Lenovo Group Limited ) C:\Users\jonah_000\Desktop\em8180214.exe
    2015-02-08 11:00 - 2015-02-08 11:04 - 00000000 ____D () C:\Users\jonah_000\Desktop\spare
    2015-02-07 20:43 - 2015-02-07 20:43 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
    2015-02-07 19:35 - 2015-02-07 19:36 - 00325384 _____ () C:\windows\Minidump\020715-46296-01.dmp
    2015-02-07 16:23 - 2015-02-07 16:23 - 00001920 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2015-02-07 16:23 - 2015-02-07 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2015-02-07 16:23 - 2015-02-07 16:23 - 00000000 ____D () C:\Program Files\HitmanPro
    2015-02-07 08:31 - 2015-02-07 08:33 - 04214344 _____ () C:\Users\jonah_000\Desktop\020715-36453-01.dmp
    2015-02-05 17:59 - 2015-02-05 17:59 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\Steam
    2015-02-04 19:12 - 2014-12-09 16:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
    2015-02-04 17:52 - 2015-02-10 15:57 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-04 17:52 - 2015-02-10 11:14 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-03 20:00 - 2015-02-03 20:00 - 00004773 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AtrazineChecker.lnk
    2015-02-02 21:13 - 2015-02-02 21:14 - 00000005 _____ () C:\Users\jonah_000\Desktop\SafeProcess.txt
    2015-02-01 20:04 - 2015-02-01 20:03 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2015-02-01 20:04 - 2015-02-01 20:03 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2015-02-01 20:04 - 2015-02-01 20:03 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2015-02-01 20:04 - 2015-02-01 20:02 - 00897960 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
    2015-02-01 20:04 - 2015-02-01 20:02 - 00818088 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
    2015-02-01 20:04 - 2015-02-01 20:02 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2015-02-01 20:04 - 2015-02-01 20:02 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2015-02-01 20:04 - 2015-02-01 20:02 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2015-02-01 20:04 - 2015-02-01 20:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-01 15:22 - 2015-02-01 15:22 - 00215416 _____ () C:\windows\SysWOW64\PnkBstrB.exe
    2015-02-01 15:16 - 2015-02-01 15:16 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\ESN
    2015-01-31 23:36 - 2015-01-31 23:42 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
    2015-01-31 23:34 - 2015-01-31 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
    2015-01-31 23:32 - 2015-01-31 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-01-31 23:32 - 2015-01-31 23:32 - 00000000 ____D () C:\Program Files\Oracle
    2015-01-31 23:32 - 2014-11-21 14:57 - 00916024 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
    2015-01-31 23:32 - 2014-11-21 14:55 - 00128080 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
    2015-01-31 23:31 - 2015-01-31 23:31 - 00740775 _____ () C:\ProgramData\AndyDrivers.zip
    2015-01-31 11:35 - 2015-01-31 11:46 - 00000013 _____ () C:\Users\jonah_000\Desktop\ATprocess.txt
    2015-01-31 09:49 - 2015-01-31 09:49 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00377856 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00220672 _____ (Microsoft Corporation) C:\windows\SysWOW64\dplayx.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\dpnathlp.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnathlp.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpwsockx.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\dpnsvr.exe
    2015-01-31 09:49 - 2015-01-31 09:49 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnsvr.exe
    2015-01-31 09:49 - 2015-01-31 09:49 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\dplaysvr.exe
    2015-01-31 09:49 - 2015-01-31 09:49 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpmodemx.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhupnp.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhpast.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhupnp.dll
    2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhpast.dll
    2015-01-31 09:48 - 2015-01-31 09:52 - 00000000 ____D () C:\Users\jonah_000\Documents\GTA San Andreas User Files
    2015-01-30 18:35 - 2015-01-30 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    2015-01-30 18:35 - 2015-01-30 18:35 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
    2015-01-27 19:12 - 2015-01-27 19:12 - 00000000 ____D () C:\windows\SysWOW64\NV
    2015-01-27 19:12 - 2015-01-27 19:12 - 00000000 ____D () C:\windows\system32\NV
    2015-01-27 19:11 - 2015-01-09 17:29 - 00075080 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
    2015-01-27 19:11 - 2015-01-09 17:29 - 00062608 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 32102544 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 25459856 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 24765584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 20465296 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 18566296 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 17250776 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 16009120 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 14115944 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 13295552 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 13210248 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 10774544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 10714488 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 10274448 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
    2015-01-27 19:10 - 2015-01-10 02:07 - 03607184 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 03298816 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 03245712 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 02902456 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 01895240 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434725.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 01556808 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434725.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00994712 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00969360 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00942736 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00929424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00906384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00877488 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00496456 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00399688 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00390472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00353040 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00345744 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00305320 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00177624 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00164568 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
    2015-01-27 19:10 - 2015-01-10 02:07 - 00031376 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
    2015-01-27 19:10 - 2015-01-10 02:07 - 00027441 _____ () C:\windows\system32\nvinfo.pb
    2015-01-27 19:06 - 2015-02-08 10:57 - 00001691 _____ () C:\windows\setupact.log
    2015-01-27 19:06 - 2015-01-27 19:06 - 00000000 _____ () C:\windows\setuperr.log
    2015-01-27 18:43 - 2015-01-27 18:43 - 00002542 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battlestar Galactica.lnk
    2015-01-25 10:24 - 2015-01-25 10:24 - 00000000 ____D () C:\ProgramData\Deskto
    2015-01-24 09:17 - 2015-01-24 09:17 - 00002384 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Godfather.lnk
    2015-01-22 18:53 - 2015-01-22 18:53 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\TaiG
    2015-01-22 17:54 - 2015-01-22 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-22 17:53 - 2015-01-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-22 17:51 - 2015-01-22 17:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-22 17:51 - 2015-01-22 17:53 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-22 17:51 - 2015-01-22 17:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-22 17:51 - 2015-01-22 17:51 - 00000000 ____D () C:\Program Files\iPod
    2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys
    2015-01-17 21:45 - 2015-01-17 21:45 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\.StarMade
    2015-01-14 16:53 - 2015-02-01 15:34 - 00004324 _____ () C:\windows\PFRO.log
    2015-01-14 16:48 - 2015-02-10 13:02 - 01332771 _____ () C:\windows\WindowsUpdate.log
    2015-01-11 20:36 - 2012-01-15 17:55 - 00000000 ____D () C:\Users\jonah_000\Desktop\Spoof extensions
    2015-01-11 10:47 - 2015-02-10 15:53 - 00004978 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JONAH-jonah_000 Jonah
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-10 16:00 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2015-02-10 15:33 - 2014-01-04 22:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-10 11:31 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-02-10 11:24 - 2013-12-25 08:25 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3184068216-3506866942-1434303448-1002
    2015-02-10 11:16 - 2014-06-28 10:21 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\CrashDumps
    2015-02-10 11:15 - 2014-12-18 04:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-10 11:15 - 2014-06-04 15:43 - 00000000 ___RD () C:\Users\jonah_000\SkyDrive
    2015-02-10 11:15 - 2013-12-26 20:44 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\Adobe
    2015-02-10 11:13 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-10 11:11 - 2013-12-25 08:15 - 00000000 ____D () C:\Users\jonah_000
    2015-02-10 11:11 - 2013-10-30 16:02 - 00031232 _____ () C:\windows\system32\VfService.trf
    2015-02-10 11:03 - 2014-06-24 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
    2015-02-10 10:29 - 2013-08-28 02:36 - 00915466 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-10 01:42 - 2013-12-25 08:15 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\Pokki
    2015-02-09 20:39 - 2013-12-25 08:26 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-02-09 19:40 - 2013-12-25 08:56 - 11292160 ___SH () C:\Users\jonah_000\Desktop\Thumbs.db
    2015-02-09 19:37 - 2013-12-25 09:33 - 00000000 ____D () C:\windows\Minidump
    2015-02-09 19:33 - 2013-12-26 14:44 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Skype
    2015-02-09 11:15 - 2013-12-27 10:09 - 00000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe PNG Format CC Prefs
    2015-02-08 13:05 - 2014-01-10 23:32 - 00000000 ____D () C:\Users\jonah_000\Desktop\2160p ULTRA HD Wallpaper collection
    2015-02-07 19:39 - 2014-06-30 15:41 - 00000000 ____D () C:\ProgramData\ProductData
    2015-02-07 10:05 - 2013-12-25 10:33 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-07 08:43 - 2014-05-10 15:16 - 00059105 _____ () C:\windows\system32\lvcoinst.log
    2015-02-06 18:09 - 2013-08-22 08:44 - 05249440 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-02-05 22:59 - 2014-12-13 12:17 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-04 19:11 - 2014-03-12 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2015-02-04 18:33 - 2014-01-04 22:25 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 18:26 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
    2015-02-04 17:52 - 2014-03-12 19:22 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-04 17:52 - 2014-03-12 19:22 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-02 21:14 - 2013-12-26 13:38 - 00000000 ____D () C:\Users\jonah_000\Desktop\NOTES
    2015-02-02 20:39 - 2013-12-25 10:47 - 00000000 ____D () C:\Users\jonah_000\Documents\Visual Studio 2013
    2015-02-01 20:04 - 2014-03-10 22:01 - 00000000 ____D () C:\Program Files\Java
    2015-02-01 20:04 - 2013-12-25 08:52 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-01 20:04 - 2013-12-25 08:51 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-01 20:03 - 2014-03-10 22:02 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2015-02-01 18:39 - 2013-12-25 08:34 - 00000000 ____D () C:\Users\jonah_000\Desktop\GAMES
    2015-02-01 15:34 - 2013-12-29 22:38 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
    2015-02-01 15:29 - 2014-04-05 19:22 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\OBS
    2015-02-01 15:13 - 2014-04-05 19:22 - 00000000 ____D () C:\Program Files\OBS
    2015-02-01 14:50 - 2013-12-26 17:51 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-02-01 09:26 - 2014-12-10 18:37 - 00000298 _____ () C:\windows\Tasks\Uninstaller_SkipUac_jonah_000.job
    2015-02-01 09:24 - 2013-12-25 08:33 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-02-01 09:18 - 2013-10-30 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2015-02-01 09:18 - 2013-10-30 15:56 - 00000000 ____D () C:\ProgramData\CyberLink
    2015-02-01 09:18 - 2013-10-30 15:54 - 00000000 ____D () C:\Program Files (x86)\Lenovo
    2015-02-01 09:18 - 2013-10-30 15:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-01 09:13 - 2014-06-27 12:13 - 00000000 ____D () C:\Users\jonah_000\VirtualBox VMs
    2015-02-01 09:13 - 2013-12-25 08:21 - 00002351 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2015-01-31 23:41 - 2014-06-27 12:13 - 00000000 ____D () C:\Users\jonah_000\.VirtualBox
    2015-01-31 22:50 - 2014-01-16 11:09 - 00000000 ____D () C:\Program Files (x86)\WarThunder
    2015-01-31 12:26 - 2014-07-03 11:37 - 00000000 ___RD () C:\Users\jonah_000\Dropbox
    2015-01-31 11:28 - 2014-06-29 15:19 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Dropbox
    2015-01-31 10:00 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-01-30 20:50 - 2014-10-08 12:16 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-01-28 19:24 - 2014-06-30 15:31 - 00000000 ____D () C:\Users\jonah_000\Desktop\ICONS
    2015-01-27 19:12 - 2014-12-07 10:10 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-01-24 20:19 - 2014-01-04 22:14 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\LogMeIn Hamachi
    2015-01-24 17:38 - 2014-06-16 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-23 19:37 - 2014-12-19 19:36 - 00000000 ____D () C:\Program Files (x86)\Overwolf
    2015-01-22 17:54 - 2014-07-27 11:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2015-01-22 17:51 - 2014-09-29 16:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-01-22 17:51 - 2014-02-08 21:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-16 00:41 - 2014-12-26 22:46 - 01278920 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
    2015-01-16 00:41 - 2014-07-20 13:15 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
    2015-01-16 00:41 - 2014-07-20 13:15 - 01316184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
    2015-01-16 00:41 - 2013-12-26 10:50 - 01514528 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
    2015-01-13 17:04 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\LiveKernelReports
     
    ==================== Files in the root of some directories =======
     
    2013-12-27 10:09 - 2015-02-09 11:15 - 0000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe PNG Format CC Prefs
    2014-05-10 16:35 - 2014-05-11 08:15 - 0000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-04-17 20:42 - 2014-04-18 16:07 - 0000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe Targa Format CC Prefs
    2014-01-26 23:46 - 2014-09-17 18:52 - 0253440 ___SH () C:\Users\jonah_000\AppData\Roaming\Thumbs.db
    2014-01-26 11:48 - 2014-07-02 14:49 - 0001456 _____ () C:\Users\jonah_000\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-08-25 18:26 - 2014-08-25 18:26 - 0000000 _____ () C:\Users\jonah_000\AppData\Local\debuggee.mdmp
    2014-01-03 13:06 - 2015-01-03 22:20 - 0007600 _____ () C:\Users\jonah_000\AppData\Local\Resmon.ResmonCfg
    2014-06-28 14:40 - 2014-06-28 14:40 - 0000000 _____ () C:\Users\jonah_000\AppData\Local\test.txt
    2015-01-31 23:31 - 2015-01-31 23:31 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
    2013-10-30 15:43 - 2013-10-30 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some content of TEMP:
    ====================
    C:\Users\jonah_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfzbkjk.dll
    C:\Users\jonah_000\AppData\Local\Temp\HitmanPro.exe
    C:\Users\jonah_000\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\jonah_000\AppData\Local\Temp\oct2D0F.tmp.exe
    C:\Users\jonah_000\AppData\Local\Temp\oct2F60.tmp.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
     
     
    LastRegBack: 2015-02-02 17:55
     
    ==================== End Of Log ============================
  3. Step 07

     

    C:\Program Files (x86)\Turbo Dismount\Turbo\TurboDismount\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan
    C:\Sandbox\jonah_000\DefaultBox\user\current\AppData\Local\Temp\regedit_x64.exe a variant of Win32/Injector.Autoit.ABQ trojan
    C:\Sandbox\jonah_000\DefaultBox\user\current\AppData\Local\Temp\DCSCMIN\IMDCSC.exe a variant of Win32/Injector.Autoit.ABQ trojan
  4. Step 06

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 2/10/2015
    Scan Time: 11:35:24 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.02.10.09
    Rootkit Database: v2015.02.03.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: jonah_000
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 524453
    Time Elapsed: 18 min, 11 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
  5. Step 05

     

    # AdwCleaner v4.110 - Logfile created 10/02/2015 at 11:11:15
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-09.1 [server]
    # Operating system : Windows 8.1  (x64)
    # Username : jonah_000 - JONAH
    # Running from : C:\Users\jonah_000\Desktop\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StageLight
    Folder Deleted : C:\Program Files\StageLight
    File Deleted : C:\END
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\Pokki
    Key Deleted : HKCU\Software\UpdaterEX
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17416
     
     
    -\\ Mozilla Firefox v27.0.1 (en-US)
     
     
    -\\ Google Chrome v40.0.2214.111
     
     
    *************************
     
    AdwCleaner[R0].txt - [2122 bytes] - [10/02/2015 11:10:24]
    AdwCleaner[s0].txt - [1957 bytes] - [10/02/2015 11:11:15]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2016  bytes] ##########
  6. Step 04

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 8.1 x64
    Ran by jonah_000 on Tue 02/10/2015 at 11:03:34.66
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update jump flip
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util jump flip
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Users\jonah_000\AppData\Roaming\search protection"
    Successfully deleted: [Folder] "C:\Users\jonah_000\AppData\Roaming\updaterex"
    Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
     
     
     
    ~~~ FireFox
     
    Successfully deleted: [File] C:\Users\jonah_000\AppData\Roaming\mozilla\firefox\profiles\c0q31fre.default\user.js
    Successfully deleted: [File] C:\Users\jonah_000\AppData\Roaming\mozilla\firefox\profiles\c0q31fre.default\invalidprefs.js
    Successfully deleted the following from C:\Users\jonah_000\AppData\Roaming\mozilla\firefox\profiles\c0q31fre.default\prefs.js
     
    user_pref("extensions.xpiState", "{\"app-profile\":{\"iobitascsurfingprotection@iobit.com\":{\"d\":\"C:\\\\Users\\\\jonah_000\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Pr
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 02/10/2015 at 11:06:50.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Hi:

     

     

    In that case, I suggest that you might want to send a PM to the forum Admin, AdvancedSetup.

    When you do, it would help to provide him with both of these links:

    https://forums.malwarebytes.org/index.php?/topic/161949-hidden-win32dynamerac/

    https://forums.malwarebytes.org/index.php?/topic/164569-bsod-system-thread-exception-not-handled-nvlddmkmsys/

     

    He will either re-open the old one, or he might suggest starting with a new topic, as quite a bit of time has elapsed since the original post.

     

    Thanks for your patience,

    Thanks, I'll return to this thread when I finish malware removal.

  8.  

    Malwarebytes Anti-Malware

    www.malwarebytes.org
     
    Scan Date: 2/9/2015
    Scan Time: 7:49:51 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.02.10.01
    Rootkit Database: v2015.02.03.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: jonah_000
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 524434
    Time Elapsed: 20 min, 6 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
  9. Hello and welcome back:

     

    Until the staff members and expert forum members arrive to help, a couple of things:

     

    The sort of deep work needed to exclude and/or cleanup from a rootkit infection cannot be performed in this particular area of the forum.

    Such work is conducted in a special forum area reserved for that purpose.

     

    You could post Diagnostic Logs here in this thread to start the process.

    >>>However, in the interest of efficiency, I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

    It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.

    A malware analyst will assist you with looking into your issue.

    If there are other, non-malware issues that remain after getting the "all-clear" from your helper, s/he may refer you back here for additional work.

    Thanks,

    Yes, it is the same computer, and the thread closed after me not responding because all I saw was the 

     

    Your replying to yourself will delay someone providing assistance.  A Forum Helper will see a Post with Replies and thus will seek a post w/o replies.

     

    • Create a new post.
    • Choose "More Reply Options" on the bottom Right of the Web Form
    • Now choose "Attach Files" on the bottom Left of the Web Form.
    • Browse and find your ZIP or RAR file.
    • Choose "Add Reply" and there's your post with your attachment(s)

    And I never checked back to see the other admin's response. If you unlocked the thread I would keep it going.

  10. Lately I have been getting blue screens, it started happening randomly about once a month. But now the bluescreens are becoming more frequent and I am now even more worried than I was before about the problems behind the random bluescreens. 

     

    photo of bluescreen error : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (nvlddmkm.sys)

    https://dl.dropboxusercontent.com/u/186946666/FullSizeRender.jpg

     

    If I were to make an educated guess at what the problem is I would say that it is probably my Intel graphics drivers. A few months ago on a separate thread I posted about my graphics drivers crashing, and someone helped me reinstall my drivers. The crashing stopped but that's when I noticed that I would bluescreen instead of just crashing; it was like the problem had been replaced by a separate one.

     

    With a little Googling I found that this same BSOD error was related to graphics drivers, which led me to believe that it was the drivers that are causing my BSODs.

     

    I have a link for a minidump from my most recent BSOD

    https://dl.dropboxusercontent.com/u/186946666/020715-36453-01.dmp

     

  11. Before I start I want to let you know that this comes from an earlier post where I fixed some drivers that were crashing: https://forums.malwarebytes.org/index.php?/topic/161915-pc-memory-problems-and-freezing/ (more info can be found there).

     

     

    Recently I have noticed my PC was not running as well as it normally has. Google Chrome and my other browsers load webpages very VERY slowly compared to normal, and they crash a lot. My computer has also been running slower overall, and had some weird driver and memory problems that I mentioned in my other post.

     

    I decided to scan my computer to make sure everything was ok. I searched for viruses on my PC and I scanned it with many antiviruses: Malwarebytes, RogueKiller, TDSSKiller, HitmanPro. The results were few and far between. The only program to detect something bad was HitmanPro 22c63bde7d.png

    But here is the weird part: out of all programs, Windows Defender detected a Trojan:Win32/Dynamer!ac in a hidden file (C:\Users\jonah_000\NkLviagAvmQR to be exact)

    The file cannot be deleted, even with cmd, and it's hidden from view when I use my file explorer, even with the hidden files setting on.

     

    I tried searching for a start-up registry for the Trojan and couldn't find one.

    I navigated to the file directory provided by Windows Defender and found a file with an exe inside; it had a random name, and no signature on the file. I trashed it to my recycle bin and deleted it but I know it probably didn't do anything 

    the file : 

    3f5177ce85.png

    note how you can't see it if I go to the parent directory : 550aebd9a0.png

     

     

     

  12. Since I did what you said I haven't noticed the Intel drivers or my browsers crashing, but I'm still a little worried about that file Windows Defender had found.

     

     

    Windows Defender detected a Trojan:Win32/Dynamer!ac in a hidden file C:\Users\jonah_000\NkLviagAvmQR

    The file cannot be deleted, even with cmd, and it's hidden from view when I use my explorer. I tried searching for a startup registry for the Trojan and couldn't find one.

     

    I know the file existed along with an exe with a random name, and without any signature on the file. I deleted it to the recycle bin, which probably didn't do much. The file is hidden from file explorer even when hidden files are checked on in settings, but I navigated to the file because Windows Defender provided me with the location.

     

    3f5177ce85.png

    550aebd9a0.png

  13. If you are implying that you attempted installing the BIOS update, you must be using an AC Power Supply and can not be on battery power when you install a BIOS update.

     

    BTW:  My instructions were to download it and have it handy but I had not requested that you install it yet.  Which led to confusion.

    ok thank you
